From: Felix Lechner via Guix-patches via <guix-patches@gnu.org>
To: 63383@debbugs.gnu.org
Cc: Felix Lechner <felix.lechner@lease-up.com>
Subject: [bug#63383] [PATCH 2/4] Drop limits.conf from /etc/security; use directly in pam-limits-service-type.
Date: Mon,  8 May 2023 17:58:07 -0700	[thread overview]
Message-ID: <02c2307e7a2d256b6d2da12a8c3ac4a9bfa390b0.1683593547.git.felix.lechner@lease-up.com> (raw)
In-Reply-To: <cover.1683593547.git.felix.lechner@lease-up.com>

This commit was tested and is already deployed in production.

* gnu/services/base.scm: Drop config file limits.conf from /etc; use absolute
path in store instead.
---
 gnu/services/base.scm | 59 ++++++++++++++++++++-----------------------
 1 file changed, 28 insertions(+), 31 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 4adb551796..16dcc55483 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1608,36 +1608,34 @@ (define-deprecated (syslog-service #:optional (config (syslog-configuration)))
 
 (define pam-limits-service-type
   (let ((pam-extension
-         (lambda (pam)
-           (let ((pam-limits (pam-entry
-                              (control "required")
-                              (module "pam_limits.so")
-                              (arguments
-                               '("conf=/etc/security/limits.conf")))))
-             (if (member (pam-service-name pam)
-                         '("login" "greetd" "su" "slim" "gdm-password" "sddm"
-                           "sudo" "sshd"))
-                 (pam-service
-                  (inherit pam)
-                  (session (cons pam-limits
-                                 (pam-service-session pam))))
-                 pam))))
-
-        ;; XXX: Using file-like objects is deprecated, use lists instead.
-        ;;      This is to be reduced into the list? case when the deprecated
-        ;;      code gets removed.
-        ;; Create /etc/security containing the provided "limits.conf" file.
-        (security-limits
+         (lambda (limits-file)
+           (lambda (pam)
+             (let ((pam-limits (pam-entry
+                                (control "required")
+                                (module "pam_limits.so")
+                                (arguments
+                                 (list #~(string-append "conf=" #$limits-file))))))
+               (if (member (pam-service-name pam)
+                           '("login" "greetd" "su" "slim" "gdm-password" "sddm"
+                             "sudo" "sshd"))
+                   (pam-service
+                    (inherit pam)
+                    (session (cons pam-limits
+                                   (pam-service-session pam))))
+                   pam)))))
+        (make-limits-file
          (match-lambda
+           ;; XXX: Using file-like objects is deprecated, use lists instead.
+           ;;      This is to be reduced into the list? case when the deprecated
+           ;;      code gets removed.
            ((? file-like? obj)
             (warning (G_ "Using file-like value for \
 'pam-limits-service-type' is deprecated~%"))
-            `(("security/limits.conf" ,obj)))
+            obj)
            ((? list? lst)
-            `(("security/limits.conf"
-               ,(plain-file "limits.conf"
-                            (string-join (map pam-limits-entry->string lst)
-                                         "\n" 'suffix)))))
+            (plain-file "limits.conf"
+                        (string-join (map pam-limits-entry->string lst)
+                                     "\n" 'suffix)))
            (_ (raise
                (formatted-message
                 (G_ "invalid input for 'pam-limits-service-type'~%")))))))
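Review bot: The service-name list inside the inner `(lambda (pam) …)` is what decides whether a session gets `pam_limits.so` at all, and nothing in the new code documents that a PAM service whose name is not in the list is returned unchanged, so sessions opened through it run without the configured limits. Since these limits are a resource-exhaustion control, I would put a comment above the `member` test, for example `;; Only these PAM services get pam_limits; any other service is left as is and its sessions are not limited.` The now-curried `pam-extension` also deserves a one-line comment saying that `limits-file` is a file-like object whose store path ends up in the `conf=` argument. The definition of `pam-limits-service-type` continues past this hunk.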
@@ -1645,13 +1643,12 @@ (module "pam_limits.so")
     (service-type
      (name 'limits)
      (extensions
-      (list (service-extension etc-service-type security-limits)
-            (service-extension pam-root-service-type
-                               (lambda _ (list pam-extension)))))
+      (list (service-extension pam-root-service-type
+                               (lambda (config)
+                                 (list (pam-extension (make-limits-file config)))))))
      (description
-      "Install the specified resource usage limits by populating
-@file{/etc/security/limits.conf} and using the @code{pam_limits}
-authentication module.")
+      "Use the @code{pam_limits} authentication module to set the specified
+resource usage limits.")
      (default-value '()))))
 
 (define-deprecated (pam-limits-service #:optional (limits '()))
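Review bot: The new `description` no longer tells an administrator where the effective limits live, yet this hunk also removes the `etc-service-type` extension, so `/etc/security/limits.conf` is no longer populated. Anything that inspects that path, or a PAM entry elsewhere that loads `pam_limits.so` without `conf=`, would presumably no longer see these limits. I would say so in the description, for example `"Use the @code{pam_limits} authentication module to set the specified resource usage limits.  The limits file is kept in the store and passed to the module with @code{conf=}; @file{/etc/security/limits.conf} is no longer created."` The same note belongs in the manual entry for the service if one exists outside this patch.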
-- 
2.39.2




