services: pam-limits: Keep 'limits.conf' in the store.
* gnu/services/base.scm (pam-limits-service-type)[pam-extension]: Wrap into a 'lambda' that takes 'limits-file'. Pass that in the <pam-entry> 'arguments' field. Define 'make-limits-file' and use it. Remove ETC-SERVICE-TYPE extension. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Felix Lechner
Ludovic Courtès
parent
465c328c82
commit
20c51c1d2c
|
|
@ -1603,38 +1603,36 @@ information on the configuration file syntax."
|
|||
|
||||
(define pam-limits-service-type
|
||||
(let ((pam-extension
|
||||
(pam-extension
|
||||
(transformer
|
||||
(lambda (pam)
|
||||
(let ((pam-limits (pam-entry
|
||||
(control "required")
|
||||
(module "pam_limits.so")
|
||||
(arguments
|
||||
'("conf=/etc/security/limits.conf")))))
|
||||
(if (member (pam-service-name pam)
|
||||
'("login" "greetd" "su" "slim" "gdm-password"
|
||||
"sddm" "sudo" "sshd" "lightdm"))
|
||||
(pam-service
|
||||
(inherit pam)
|
||||
(session (cons pam-limits
|
||||
(pam-service-session pam))))
|
||||
pam))))))
|
||||
|
||||
;; XXX: Using file-like objects is deprecated, use lists instead.
|
||||
;; This is to be reduced into the list? case when the deprecated
|
||||
;; code gets removed.
|
||||
;; Create /etc/security containing the provided "limits.conf" file.
|
||||
(security-limits
|
||||
(lambda (limits-file)
|
||||
(pam-extension
|
||||
(transformer
|
||||
(lambda (pam)
|
||||
(let ((pam-limits (pam-entry
|
||||
(control "required")
|
||||
(module "pam_limits.so")
|
||||
(arguments
|
||||
(list #~(string-append "conf=" #$limits-file))))))
|
||||
(if (member (pam-service-name pam)
|
||||
'("login" "greetd" "su" "slim" "gdm-password"
|
||||
"sddm" "lightdm" "sudo" "sshd"))
|
||||
(pam-service
|
||||
(inherit pam)
|
||||
(session (cons pam-limits
|
||||
(pam-service-session pam))))
|
||||
pam)))))))
|
||||
(make-limits-file
|
||||
(match-lambda
|
||||
;; XXX: Using file-like objects is deprecated, use lists instead.
|
||||
;; This is to be reduced into the list? case when the deprecated
|
||||
;; code gets removed.
|
||||
((? file-like? obj)
|
||||
(warning (G_ "Using file-like value for \
|
||||
'pam-limits-service-type' is deprecated~%"))
|
||||
`(("security/limits.conf" ,obj)))
|
||||
obj)
|
||||
((? list? lst)
|
||||
`(("security/limits.conf"
|
||||
,(plain-file "limits.conf"
|
||||
(string-join (map pam-limits-entry->string lst)
|
||||
"\n" 'suffix)))))
|
||||
(plain-file "limits.conf"
|
||||
(string-join (map pam-limits-entry->string lst)
|
||||
"\n" 'suffix)))
|
||||
(_ (raise
|
||||
(formatted-message
|
||||
(G_ "invalid input for 'pam-limits-service-type'~%")))))))
|
||||
|
|
@ -1642,13 +1640,12 @@ information on the configuration file syntax."
|
|||
(service-type
|
||||
(name 'limits)
|
||||
(extensions
|
||||
(list (service-extension etc-service-type security-limits)
|
||||
(service-extension pam-root-service-type
|
||||
(lambda _ (list pam-extension)))))
|
||||
(list (service-extension pam-root-service-type
|
||||
(lambda (config)
|
||||
(list (pam-extension (make-limits-file config)))))))
|
||||
(description
|
||||
"Install the specified resource usage limits by populating
|
||||
@file{/etc/security/limits.conf} and using the @code{pam_limits}
|
||||
authentication module.")
|
||||
"Use the @code{pam_limits} authentication module to set the specified
|
||||
resource usage limits.")
|
||||
(default-value '()))))
|
||||
|
||||
(define-deprecated (pam-limits-service #:optional (limits '()))
|
||||
|
|
|
|||
Reference in New Issue