From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: [RFC] Support for pam_limits.so: =?utf-8?B?4oCcc3XigJ0=?= is
	ignored.
Date: Sun, 03 Apr 2016 23:42:54 +0200
Message-ID: <87egam9xnl.fsf@gnu.org>
References: <87bn5tyfrn.fsf@elephly.net> <87io01h9uc.fsf@gnu.org>
	<874mbkxymn.fsf@elephly.net> <87vb40f4t6.fsf@gnu.org>
	<87wpofzzgv.fsf@elephly.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:49776)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1ampnQ-0000in-KX
	for guix-devel@gnu.org; Sun, 03 Apr 2016 17:43:01 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1ampnN-00083c-E5
	for guix-devel@gnu.org; Sun, 03 Apr 2016 17:43:00 -0400
In-Reply-To: <87wpofzzgv.fsf@elephly.net> (Ricardo Wurmus's message of "Sat,
	02 Apr 2016 19:34:40 +0200")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Ricardo Wurmus <rekado@elephly.net>
Cc: guix-devel <guix-devel@gnu.org>

Ricardo Wurmus <rekado@elephly.net> skribis:

> Ludovic Court=C3=A8s <ludo@gnu.org> writes:

[...]

>> I get:
>>
>> --8<---------------cut here---------------start------------->8---
>> $ ./pre-inst-env guix system build gnu/system/examples/lightweight-deskt=
op.tmpl
>> substitute: updating list of substitutes from 'https://mirror.hydra.gnu.=
org'... 100.0%
>> substitute: updating list of substitutes from 'https://hydra.gnu.org'...=
 100.0%
>>
>> [...]
>>
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system
>> $ grep pam_limit /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/=
pam.d/*
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/login:sessi=
on required pam_limits.so conf=3D/etc/security/limits.conf
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/slim:sessio=
n required pam_limits.so conf=3D/etc/security/limits.conf
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/su:session =
required pam_limits.so conf=3D/etc/security/limits.conf
>> --8<---------------cut here---------------end--------------->8---
>>
>> Could you try it?
>
> I did and I don=E2=80=99t get the same as you do:
>
> $ ./pre-inst-env guix system build gnu/system/examples/lightweight-deskto=
p.tmpl
> substitute: updating list of substitutes from 'https://hydra.gnu.org'... =
100.0%
> The following derivations will be built:
>    /gnu/store/l8r7k5ysw5vkdi67rcz9wx5gl9sxp892-system.drv
>    /gnu/store/5q0rh32ns03y4ndsj1fmsim9zm04x182-activate-service.drv
>    /gnu/store/rvgr25dfw70kf3dyr3mp8w9dmpqsqlll-activate.drv
>    /gnu/store/56d9psa8xcv3i6wqfc01zb39i9sbd7v5-boot.drv
>    /gnu/store/siny40wkak05sqlnmwwsmpxwh93rva1f-gtk-icon-themes.drv
>    /gnu/store/fx5bkg9cz15w90yqximsd678g31blyzk-info-dir.drv
>    /gnu/store/68ri6jqwbg1k15iiyvj3j9a065c22rd1-ca-certificate-bundle.drv
>    /gnu/store/ja6pgayi1qcyf8ffq27s4jimzcq2nm54-profile.drv
>    /gnu/store/50s165xprg605n58i81z49sv1f797vpz-etc.drv
> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system
> $ grep pam_limit /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/p=
am.d/*
> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/login:sessio=
n required pam_limits.so conf=3D/etc/security/limits.conf
> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/slim:session=
 required pam_limits.so conf=3D/etc/security/limits.conf

Crazy stuff.

The =E2=80=98/etc-entry=E2=80=99 procedure in (gnu system pam) clearly call=
s the
transformation procedure for all the PAM services.  I don=E2=80=99t see what
could go wrong.

Could you add a bunch of =E2=80=99pk=E2=80=99 in this procedure and in your
=E2=80=98pam-extension=E2=80=99 procedure as well and report on that?

> I=E2=80=99m using Guix at commit a754eaf with additional commits to add p=
ackages
> to gnu/packages and the patch I sent earlier to extend the pam files
> with pam_limits.  The only uncommited change is the modification of
> =E2=80=9Cgnu/system/examples/lightweight-desktop.tmpl=E2=80=9D.
>
> Very odd.  It=E2=80=99s possible that this is a problem with my setup her=
e.  If
> that=E2=80=99s so, would you be okay with the commit (if it had a proper =
commit
> message)?

Yes (and doc :-)).

I haven=E2=80=99t checked the feasibility etc., but eventually, maybe it wo=
uld
be best to have Scheme bindings for limits.conf.  That way, we could
write services that extend =E2=80=98limits-service-type=E2=80=99 with new l=
imits or
something.

WDYT?

Thanks,
Ludo=E2=80=99.