diff options
author | Felix Lechner <felix.lechner@lease-up.com> | 2023-05-12 11:52:48 -0700 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2023-08-15 23:30:43 +0200 |
commit | 20c51c1d2ce8fd4b32203343c3afbfe2622a22d7 (patch) | |
tree | e78bebe2709a98122fb0b3b1a240a0242d75814d | |
parent | 465c328c82345fcd87fcbc7f1a538be009894601 (diff) |
services: pam-limits: Keep 'limits.conf' in the store.
* gnu/services/base.scm (pam-limits-service-type)[pam-extension]: Wrap
into a 'lambda' that takes 'limits-file'. Pass that in the <pam-entry>
'arguments' field. Define 'make-limits-file' and use it.
Remove ETC-SERVICE-TYPE extension.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r-- | gnu/services/base.scm | 63 |
1 files changed, 30 insertions, 33 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 492cf8a693..b557af24af 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1603,38 +1603,36 @@ information on the configuration file syntax." (define pam-limits-service-type (let ((pam-extension - (pam-extension - (transformer - (lambda (pam) - (let ((pam-limits (pam-entry - (control "required") - (module "pam_limits.so") - (arguments - '("conf=/etc/security/limits.conf"))))) - (if (member (pam-service-name pam) - '("login" "greetd" "su" "slim" "gdm-password" - "sddm" "sudo" "sshd" "lightdm")) - (pam-service - (inherit pam) - (session (cons pam-limits - (pam-service-session pam)))) - pam)))))) - - ;; XXX: Using file-like objects is deprecated, use lists instead. - ;; This is to be reduced into the list? case when the deprecated - ;; code gets removed. - ;; Create /etc/security containing the provided "limits.conf" file. - (security-limits + (lambda (limits-file) + (pam-extension + (transformer + (lambda (pam) + (let ((pam-limits (pam-entry + (control "required") + (module "pam_limits.so") + (arguments + (list #~(string-append "conf=" #$limits-file)))))) + (if (member (pam-service-name pam) + '("login" "greetd" "su" "slim" "gdm-password" + "sddm" "lightdm" "sudo" "sshd")) + (pam-service + (inherit pam) + (session (cons pam-limits + (pam-service-session pam)))) + pam))))))) + (make-limits-file (match-lambda + ;; XXX: Using file-like objects is deprecated, use lists instead. + ;; This is to be reduced into the list? case when the deprecated + ;; code gets removed. ((? file-like? obj) (warning (G_ "Using file-like value for \ 'pam-limits-service-type' is deprecated~%")) - `(("security/limits.conf" ,obj))) + obj) ((? list? lst) - `(("security/limits.conf" - ,(plain-file "limits.conf" - (string-join (map pam-limits-entry->string lst) - "\n" 'suffix))))) + (plain-file "limits.conf" + (string-join (map pam-limits-entry->string lst) + "\n" 'suffix))) (_ (raise (formatted-message (G_ "invalid input for 'pam-limits-service-type'~%"))))))) @@ -1642,13 +1640,12 @@ information on the configuration file syntax." (service-type (name 'limits) (extensions - (list (service-extension etc-service-type security-limits) - (service-extension pam-root-service-type - (lambda _ (list pam-extension))))) + (list (service-extension pam-root-service-type + (lambda (config) + (list (pam-extension (make-limits-file config))))))) (description - "Install the specified resource usage limits by populating -@file{/etc/security/limits.conf} and using the @code{pam_limits} -authentication module.") + "Use the @code{pam_limits} authentication module to set the specified +resource usage limits.") (default-value '())))) (define-deprecated (pam-limits-service #:optional (limits '())) |