Hi Guix,

I noticed that we aren’t using pam_limits.so, so it is impossible to set
session-wide limits per user.  This is useful to explicitly grant the
“audio” group realtime priorities and lift memory allocation
restrictions.

The attached patch tries to add an entry for pam_limits.so, but I have
no idea if this actually works or if this is the way it should be done.
As far as I can tell we only need the pam_limits.so entry for
“/etc/pam.d/login”, but I could not find where this file is generated.

Also, I wonder how users are supposed to edit /etc/security/limits.conf
at all.  I suppose they are not to edit anything in /etc anyway.
pam_limits.so also reads *.conf files in “/etc/security/limits.d/” and
maybe it would make sense for packages to provide a
“$out/etc/security/limits.d/$name.conf” file with settings.  For
example, the “jack” packages could then provide
“$out/etc/security/limits.d/realtime.conf”, which contains the
following:

    @realtime   -  rtprio     99
    @realtime   -  memlock    unlimited

(See http://www.jackaudio.org/faq/linux_rt_config.html)

A user in the “realtime” group could then finally use JACK in realtime
mode.

What is the best way to make this work?  (I really want to run JACK in
realtime mode.)

~~ Ricardo