author | muradm <mail@muradm.net> | 2023-05-22 22:06:51 +0300 |
---|---|---|
committer | Josselin Poiret <dev@jpoiret.xyz> | 2023-06-04 10:33:55 +0200 |
commit | f4f5ee6ad6e2432f52e37c549211df8f1cdbb571 (patch) | |
tree | baf0dbfeb3ec16e4001ad8001dc190ebd42b0e0d /doc/guix-cookbook.texi | |
parent | 65bce4d9f9302bc798717d73548bbe5ceb802151 (diff) |
services: screen-locker-service-type: Configurable PAM and setuid.

screen-locker-service-type by default both defines a PAM entry
and makes the program a setuid binary. Normally both methods are
mutually exclusive: if the binary has setuid set, it does not really
need PAM; the other way around is similar: if PAM is enabled, the
binary should not rely on setuid.

The recent swaylock package is now compiled with PAM support. When PAM
support is compiled in, swaylock refuses to execute if the binary is
also a setuid program.

This change turns screen-locker-configuration from strict
PAM AND setuid to the more flexible PAM AND/OR setuid, allowing
swaylock to be configured properly while supporting other
screen locker preferences.

* gnu/services/xorg.scm (screen-locker-configuration): Switch from
define-record-type to define-configuration.
[using-pam?]: New field to control PAM entry existence.
[using-setuid?]: New field to control setuid binary existence.
(screen-locker-pam-services): Should not make unix-pam-service if
using-pam? is set to #f.
(screen-locker-setuid-programs): Should not make program setuid
program if using-setuid? is set to #f.
(screen-locker-generate-doc): Internal function to generate
configuration documentation.
(screen-locker-service): Adapt to new screen-locker-configuration.
* gnu/services/desktop.scm (desktop-services-for-system): Adapt to
new screen-locker-configuration.
* doc/guix.texi: Reflect new changes to screen-locker-configuration.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
Diffstat (limited to 'doc/guix-cookbook.texi')
-rw-r--r-- | doc/guix-cookbook.texi | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index b1ffa72c0e..b9f5f6b6a9 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -2147,7 +2147,10 @@ be made setuid-root so it can authenticate users, and it needs a PAM service. Th can be achieved by adding the following service to your @file{config.scm}: @lisp -(screen-locker-service slock) +(service screen-locker-services-type + (screen-locker-configuration + (name "slock") + (program (file-append slock "/bin/slock")))) @end lisp If you manually lock your screen, e.g. by directly calling slock when you want to lock |
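Review bot: The first added line of the example reads "(service screen-locker-services-type", but the commit message and the ChangeLog entries for gnu/services/xorg.scm name the service type "screen-locker-service-type" (singular "service"), so the cookbook snippet does not match the type this commit configures and should be changed to "(service screen-locker-service-type". Separately, the unchanged context above the example says slock must be setuid-root and needs a PAM service, while the new example sets only "name" and "program" and relies on the defaults of the new "using-pam?" and "using-setuid?" fields for both. Since this commit makes those two privileges configurable, consider either setting the fields explicitly in the example or adding a sentence that the defaults keep both enabled, so readers adapting the snippet for a PAM-only locker such as swaylock know which field to turn off.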