summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFelix Lechner <felix.lechner@lease-up.com>2023-05-12 11:52:48 -0700
committerLudovic Courtès <ludo@gnu.org>2023-08-15 23:30:43 +0200
commit20c51c1d2ce8fd4b32203343c3afbfe2622a22d7 (patch)
treee78bebe2709a98122fb0b3b1a240a0242d75814d
parent465c328c82345fcd87fcbc7f1a538be009894601 (diff)
services: pam-limits: Keep 'limits.conf' in the store.
* gnu/services/base.scm (pam-limits-service-type)[pam-extension]: Wrap into a 'lambda' that takes 'limits-file'. Pass that in the <pam-entry> 'arguments' field. Define 'make-limits-file' and use it. Remove ETC-SERVICE-TYPE extension. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r--gnu/services/base.scm63
1 files changed, 30 insertions, 33 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 492cf8a693..b557af24af 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1603,38 +1603,36 @@ information on the configuration file syntax."
(define pam-limits-service-type
(let ((pam-extension
- (pam-extension
- (transformer
- (lambda (pam)
- (let ((pam-limits (pam-entry
- (control "required")
- (module "pam_limits.so")
- (arguments
- '("conf=/etc/security/limits.conf")))))
- (if (member (pam-service-name pam)
- '("login" "greetd" "su" "slim" "gdm-password"
- "sddm" "sudo" "sshd" "lightdm"))
- (pam-service
- (inherit pam)
- (session (cons pam-limits
- (pam-service-session pam))))
- pam))))))
-
- ;; XXX: Using file-like objects is deprecated, use lists instead.
- ;; This is to be reduced into the list? case when the deprecated
- ;; code gets removed.
- ;; Create /etc/security containing the provided "limits.conf" file.
- (security-limits
+ (lambda (limits-file)
+ (pam-extension
+ (transformer
+ (lambda (pam)
+ (let ((pam-limits (pam-entry
+ (control "required")
+ (module "pam_limits.so")
+ (arguments
+ (list #~(string-append "conf=" #$limits-file))))))
+ (if (member (pam-service-name pam)
+ '("login" "greetd" "su" "slim" "gdm-password"
+ "sddm" "lightdm" "sudo" "sshd"))
+ (pam-service
+ (inherit pam)
+ (session (cons pam-limits
+ (pam-service-session pam))))
+ pam)))))))
+ (make-limits-file
(match-lambda
+ ;; XXX: Using file-like objects is deprecated, use lists instead.
+ ;; This is to be reduced into the list? case when the deprecated
+ ;; code gets removed.
((? file-like? obj)
(warning (G_ "Using file-like value for \
'pam-limits-service-type' is deprecated~%"))
- `(("security/limits.conf" ,obj)))
+ obj)
((? list? lst)
- `(("security/limits.conf"
- ,(plain-file "limits.conf"
- (string-join (map pam-limits-entry->string lst)
- "\n" 'suffix)))))
+ (plain-file "limits.conf"
+ (string-join (map pam-limits-entry->string lst)
+ "\n" 'suffix)))
(_ (raise
(formatted-message
(G_ "invalid input for 'pam-limits-service-type'~%")))))))
@@ -1642,13 +1640,12 @@ information on the configuration file syntax."
(service-type
(name 'limits)
(extensions
- (list (service-extension etc-service-type security-limits)
- (service-extension pam-root-service-type
- (lambda _ (list pam-extension)))))
+ (list (service-extension pam-root-service-type
+ (lambda (config)
+ (list (pam-extension (make-limits-file config)))))))
(description
- "Install the specified resource usage limits by populating
-@file{/etc/security/limits.conf} and using the @code{pam_limits}
-authentication module.")
+ "Use the @code{pam_limits} authentication module to set the specified
+resource usage limits.")
(default-value '()))))
(define-deprecated (pam-limits-service #:optional (limits '()))