conflicting pam-limits-service and pam-mount-service-type

  • Done
  • quality assurance status badge
Details
2 participants
  • Julien Lepiller
  • muradm
Owner
unassigned
Submitted by
muradm
Severity
normal
M
M
muradm wrote on 29 Jul 2021 18:13
(address . bug-guix@gnu.org)
87v94tcd3l.fsf@muradm.net
pam-limits-service and pam-mount-service-type are working when
used only one of them. When both are present in list of (services,
conflict hapens when guix system reconfigure is invoked. Digging
the problem led to use of etc-service-type.

pam-limits-service defines /etc/security/limits.conf in
gnu/services/base.scm:

(define pam-limits-service-type
(let ((security-limits
;; Create /etc/security containing the provided
"limits.conf" file.
(lambda (limits-file)
`(("security"
,(computed-file
"security"
#~(begin
(mkdir #$output)
(stat #$limits-file)
(symlink #$limits-file
(string-append #$output "/limits.conf"))))))))
(pam-extension
(lambda (pam)

Basically, it says to etc-service-type i need "security" under
"/etc" and uses mkdir to create it.

pam-mount-service-type asks "security/pam_mount.conf.xml" from
etc-service-type.

(define (pam-mount-etc-service config)
`(("security/pam_mount.conf.xml"
,(make-pam-mount-configuration-file config))))

When both pam-mount-service-type and pam-limits-service are
defined in (services ...), if pam-mount-service-type is before
pam-limits, guix system reconfigure fails with "Permission
denied", if pam-limits is before then it is "File exists".

I would suggest to fix gnu/services/base.scm so that
pam-limits-services-type ask for "security/limits.conf" just like
pam-mount-services-type does in order to avoid conflict.

Currently, both pam-limits-service and pam-mount-service-type are
not usable at the same time.
J
J
Julien Lepiller wrote on 7 Aug 2021 17:35
Re: [bug#49804] [PATCH] services: pam-limits: fix limits.conf location
(name . muradm)(address . mail@muradm.net)
20210807173547.12257ae6@tachikoma.lepiller.eu
Le Sun, 01 Aug 2021 06:14:00 +0300,
muradm <mail@muradm.net> a écrit :

Toggle quote (5 lines)
> * gnu/services/base.scm: fix limits.conf location
>
> This fixes #49771
>

Pushed as 29883f113087edaf24570fbd7f1113df907f1099, thank you!
Closed
?