From: ludo@gnu.org (Ludovic Courtès)
To: Ricardo Wurmus <rekado@elephly.net>
Cc: "guix-devel@gnu.org" <guix-devel@gnu.org>
Subject: Re: [RFC]: Respect /etc/security/limits.conf
Date: Sun, 20 Sep 2015 18:41:39 +0200 [thread overview]
Message-ID: <87zj0hjb5o.fsf@gnu.org> (raw)
In-Reply-To: <87zj0i65rl.fsf@elephly.net> (Ricardo Wurmus's message of "Sat, 19 Sep 2015 12:51:58 +0200")
Ricardo Wurmus <rekado@elephly.net> skribis:
> The attached patch tries to add an entry for pam_limits.so, but I have
> no idea if this actually works or if this is the way it should be done.
> As far as I can tell we only need the pam_limits.so entry for
> “/etc/pam.d/login”, but I could not find where this file is generated.
It is generated based on the ‘pam-services’ field of the service
returned by ‘mingetty-service’.
Maybe it would be best to adjust just that part?
> Also, I wonder how users are supposed to edit /etc/security/limits.conf
> at all. I suppose they are not to edit anything in /etc anyway.
> pam_limits.so also reads *.conf files in “/etc/security/limits.d/” and
> maybe it would make sense for packages to provide a
> “$out/etc/security/limits.d/$name.conf” file with settings. For
> example, the “jack” packages could then provide
> “$out/etc/security/limits.d/realtime.conf”, which contains the
> following:
>
> @realtime - rtprio 99
> @realtime - memlock unlimited
>
> (See http://www.jackaudio.org/faq/linux_rt_config.html)
Is this PREFIX/etc/security/limits.d convention already used? If not,
I’d rather avoid inventing it. ;-)
What we could do is add a field in ‘operating-system’ to specify the
limits.conf file to install as /etc/security/limits.conf?
It would be even better to create Scheme data types that mirror the
settings of a limits.conf file (similar to what is done for PAM
settings), and have users fiddle with that rather than with a plain text
file.
> A user in the “realtime” group could then finally use JACK in realtime
> mode.
>
> What is the best way to make this work? (I really want to run JACK in
> realtime mode.)
(In the meantime I think your patch plus manual fiddling of
/etc/security/limits.conf does the job.)
Ludo’.
next prev parent reply other threads:[~2015-09-20 16:41 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-19 10:51 [RFC]: Respect /etc/security/limits.conf Ricardo Wurmus
2015-09-20 16:41 ` Ludovic Courtès [this message]
2015-10-12 5:23 ` Ricardo Wurmus
2015-10-12 17:13 ` Ludovic Courtès
2015-10-17 18:24 ` Ricardo Wurmus
2015-10-19 14:58 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zj0hjb5o.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=guix-devel@gnu.org \
--cc=rekado@elephly.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).