tribes/guix
1
0
Fork 1
mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-05-28 20:12:11 +02:00
Code Activity

services: pam-limits: Keep 'limits.conf' in the store.

Browse Source 
* gnu/services/base.scm (pam-limits-service-type)[pam-extension]: Wrap
into a 'lambda' that takes 'limits-file'.  Pass that in the <pam-entry>
'arguments' field.  Define 'make-limits-file' and use it.
Remove ETC-SERVICE-TYPE extension.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit is contained in:
Felix Lechner
2023-05-12 11:52:48 -07:00
committed by Ludovic Courtès
parent 465c328c82
commit 20c51c1d2c
1 changed files with 30 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
gnu/services/base.scm
+30 -33
View File
@@ -1603,38 +1603,36 @@ information on the configuration file syntax."
(define pam-limits-service-type (define pam-limits-service-type
(let ((pam-extension (let ((pam-extension
(pam-extension (lambda (limits-file)
(transformer (pam-extension
(lambda (pam) (transformer
(let ((pam-limits (pam-entry (lambda (pam)
(control "required") (let ((pam-limits (pam-entry
(module "pam_limits.so") (control "required")
(arguments (module "pam_limits.so")
'("conf=/etc/security/limits.conf"))))) (arguments
(if (member (pam-service-name pam) (list #~(string-append "conf=" #$limits-file))))))
'("login" "greetd" "su" "slim" "gdm-password" (if (member (pam-service-name pam)
"sddm" "sudo" "sshd" "lightdm")) '("login" "greetd" "su" "slim" "gdm-password"
(pam-service "sddm" "lightdm" "sudo" "sshd"))
(inherit pam) (pam-service
(session (cons pam-limits (inherit pam)
(pam-service-session pam)))) (session (cons pam-limits
pam)))))) (pam-service-session pam))))
pam)))))))
;; XXX: Using file-like objects is deprecated, use lists instead. (make-limits-file
;; This is to be reduced into the list? case when the deprecated
;; code gets removed.
;; Create /etc/security containing the provided "limits.conf" file.
(security-limits
(match-lambda (match-lambda
;; XXX: Using file-like objects is deprecated, use lists instead.
;; This is to be reduced into the list? case when the deprecated
;; code gets removed.
((? file-like? obj) ((? file-like? obj)
(warning (G_ "Using file-like value for \ (warning (G_ "Using file-like value for \
'pam-limits-service-type' is deprecated~%")) 'pam-limits-service-type' is deprecated~%"))
`(("security/limits.conf" ,obj))) obj)
((? list? lst) ((? list? lst)
`(("security/limits.conf" (plain-file "limits.conf"
,(plain-file "limits.conf" (string-join (map pam-limits-entry->string lst)
(string-join (map pam-limits-entry->string lst) "\n" 'suffix)))
"\n" 'suffix)))))
(_ (raise (_ (raise
(formatted-message (formatted-message
(G_ "invalid input for 'pam-limits-service-type'~%"))))))) (G_ "invalid input for 'pam-limits-service-type'~%")))))))
@@ -1642,13 +1640,12 @@ information on the configuration file syntax."
(service-type (service-type
(name 'limits) (name 'limits)
(extensions (extensions
(list (service-extension etc-service-type security-limits) (list (service-extension pam-root-service-type
(service-extension pam-root-service-type (lambda (config)
(lambda _ (list pam-extension))))) (list (pam-extension (make-limits-file config)))))))
(description (description
"Install the specified resource usage limits by populating "Use the @code{pam_limits} authentication module to set the specified
@file{/etc/security/limits.conf} and using the @code{pam_limits} resource usage limits.")
authentication module.")
(default-value '())))) (default-value '()))))
(define-deprecated (pam-limits-service #:optional (limits '())) (define-deprecated (pam-limits-service #:optional (limits '()))