From 7a92f5a3f9bfa22749d0a635d5ac878560336611 Mon Sep 17 00:00:00 2001
From: Ricardo Wurmus <rekado@elephly.net>
Date: Sat, 19 Sep 2015 12:40:20 +0200
Subject: [PATCH] WIP: respect /etc/security/limits.conf

---
 gnu/system/linux.scm | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/gnu/system/linux.scm b/gnu/system/linux.scm
index 7461a4a..d94e4ca 100644
--- a/gnu/system/linux.scm
+++ b/gnu/system/linux.scm
@@ -132,7 +132,10 @@ dumped in /etc/pam.d/NAME, where NAME is the name of SERVICE."
 (define unix-pam-service
   (let ((unix (pam-entry
                (control "required")
-               (module "pam_unix.so"))))
+               (module "pam_unix.so")))
+        (limits (pam-entry
+                 (control "required")
+                 (module "pam_limits.so"))))
     (lambda* (name #:key allow-empty-passwords? motd)
       "Return a standard Unix-style PAM service for NAME.  When
 ALLOW-EMPTY-PASSWORDS? is true, allow empty passwords.  When MOTD is true, it
@@ -154,13 +157,13 @@ should be the name of a file used as the message-of-the-day."
                           ;; Store SHA-512 encrypted passwords in /etc/shadow.
                           (arguments '("sha512" "shadow")))))
          (session (if motd
-                      (list unix
+                      (list unix limits
                             (pam-entry
                              (control "optional")
                              (module "pam_motd.so")
                              (arguments
                               (list #~(string-append "motd=" #$motd)))))
-                      (list unix))))))))
+                      (list unix limits))))))))
 
 (define (rootok-pam-service command)
   "Return a PAM service for COMMAND such that 'root' does not need to
-- 
2.5.0