guix-devel

Re: [RFC]: Respect /etc/security/limits.conf


From: Ludovic Courtès
Subject: Re: [RFC]: Respect /etc/security/limits.conf
Date: Sun, 20 Sep 2015 18:41:39 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Ricardo Wurmus <address@hidden> wrote:

> The attached patch tries to add an entry for pam_limits.so, but I have
> no idea if this actually works or if this is the way it should be done.
> As far as I can tell we only need the pam_limits.so entry for
> “/etc/pam.d/login”, but I could not find where this file is generated.

It is generated based on the ‘pam-services’ field of the service
returned by ‘mingetty-service’.

Maybe it would be best to adjust just that part?

> Also, I wonder how users are supposed to edit /etc/security/limits.conf
> at all.  I suppose they are not to edit anything in /etc anyway.
> pam_limits.so also reads *.conf files in “/etc/security/limits.d/” and
> maybe it would make sense for packages to provide a
> “$out/etc/security/limits.d/$name.conf” file with settings.  For
> example, the “jack” packages could then provide
> “$out/etc/security/limits.d/realtime.conf”, which contains the
> following:
>
>     @realtime   -  rtprio     99
>     @realtime   -  memlock    unlimited
>
> (See http://www.jackaudio.org/faq/linux_rt_config.html)

Is this PREFIX/etc/security/limits.d convention already used?  If not,
I’d rather avoid inventing it.  ;-)

What we could do is add a field in ‘operating-system’ to specify the
limits.conf file to install as /etc/security/limits.conf?

It would be even better to create Scheme data types that mirror the
settings of a limits.conf file (similar to what is done for PAM
settings), and have users fiddle with that rather than with a plain text
file.

> A user in the “realtime” group could then finally use JACK in realtime
> mode.
>
> What is the best way to make this work?  (I really want to run JACK in
> realtime mode.)

(In the meantime I think your patch plus manual fiddling of
/etc/security/limits.conf does the job.)

Ludo’.
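
Added example, not part of the original message and not Guix code: the typed-record idea from the reply, sketched in Python as a parser that turns limits.conf lines into validated entries and renders them back. The names LimitsEntry, parse_line, parse and unlimited_grants are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional

# Item names listed in limits.conf(5); newer releases may add more.
ITEMS = {"core", "data", "fsize", "memlock", "nofile", "rss", "stack", "cpu",
         "nproc", "as", "maxlogins", "maxsyslogins", "priority", "locks",
         "sigpending", "msgqueue", "nice", "rtprio"}
TYPES = {"soft", "hard", "-"}  # "-" sets both the soft and the hard limit

@dataclass(frozen=True)
class LimitsEntry:
    domain: str            # user name, @group, or wildcard
    type: str
    item: str
    value: Optional[int]   # None stands for "unlimited"

    def render(self) -> str:
        value = "unlimited" if self.value is None else str(self.value)
        return f"{self.domain:<11} {self.type:<4} {self.item:<10} {value}"

def parse_line(line: str) -> Optional[LimitsEntry]:
    """Return a validated entry, or None for a blank or comment line."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    fields = line.split()
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields: {line!r}")
    domain, type_, item, raw = fields
    if type_ not in TYPES:
        raise ValueError(f"unknown type {type_!r}")
    if item not in ITEMS:
        raise ValueError(f"unknown item {item!r}")
    if raw in ("unlimited", "infinity"):
        return LimitsEntry(domain, type_, item, None)
    try:
        return LimitsEntry(domain, type_, item, int(raw))  # -1 kept literally
    except ValueError:
        raise ValueError(f"bad value {raw!r}") from None

def parse(text: str) -> List[LimitsEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def unlimited_grants(entries: List[LimitsEntry]) -> List[LimitsEntry]:
    """Entries that remove a limit entirely, worth a look in review."""
    return [e for e in entries if e.value is None]

# The two entries quoted in the message; the comment line is constructed.
SAMPLE = """# realtime.conf
@realtime   -  rtprio     99
@realtime   -  memlock    unlimited
"""
```

Rejecting malformed lines at parse time is the benefit of a typed representation over a plain text file: a misspelled item or type raises an error when the configuration is built.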


