From patchwork Sat Feb 25 18:57:56 2023
X-Patchwork-Submitter: Bruno Victal
X-Patchwork-Id: 47328
Subject: [bug#61789] [PATCH 10/27] services: base: Deprecate 'pam-limits-service' procedure.
To: 61789@debbugs.gnu.org
Cc: Bruno Victal
From: Bruno Victal
Date: Sat, 25 Feb 2023 18:57:56 +0000

* doc/guix.texi (Base Services): Replace pam-limits-service with pam-limits-service-type.
* gnu/packages/benchmark.scm (python-locust)[description]: Update index anchor to manual.
* gnu/services/base.scm (pam-limits-service-type): Accept both lists and file-like objects for compatibility.
(pam-limits-service): Deprecate procedure.
--- doc/guix.texi | 18 ++++++++--------- gnu/packages/benchmark.scm | 2 +- gnu/services/base.scm | 41 +++++++++++++++++++++++++++----------- 3 files changed, 39 insertions(+), 22 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index ec6f2d9c31..f9ca809e47 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -18938,7 +18938,6 @@ Base Services @end table @end deftp -@anchor{pam-limits-service} @cindex session limits @cindex ulimit @cindex priority 
@@ -18946,19 +18945,20 @@ Base Services @cindex jackd @cindex nofile @cindex open file descriptors -@deffn {Scheme Procedure} pam-limits-service [#:limits @code{'()}] - -Return a service that installs a configuration file for the +@anchor{pam-limits-service-type} +@defvar pam-limits-service-type +Type of the service that installs a configuration file for the @uref{http://linux-pam.org/Linux-PAM-html/sag-pam_limits.html, -@code{pam_limits} module}. The procedure optionally takes a list of -@code{pam-limits-entry} values, which can be used to specify +@code{pam_limits} module}. The value for this service type is +a list of @code{pam-limits-entry} values, which can be used to specify @code{ulimit} limits and @code{nice} priority limits to user sessions. +By default, the value is the empty list. The following limits definition sets two hard and soft limits for all login sessions of users in the @code{realtime} group: @lisp -(pam-limits-service +(service pam-limits-service-type (list (pam-limits-entry "@@realtime" 'both 'rtprio 99) (pam-limits-entry "@@realtime" 'both 'memlock 'unlimited))) @@ -18973,7 +18973,7 @@ Base Services descriptors that can be used: @lisp -(pam-limits-service +(service pam-limits-service-type (list (pam-limits-entry "*" 'both 'nofile 100000))) @end lisp @@ -18984,7 +18984,7 @@ Base Services else the users would be prevented from login in. For more information about the Pluggable Authentication Module (PAM) limits, refer to the @samp{pam_limits} man page from the @code{linux-pam} package. -@end deffn +@end defvar @defvar greetd-service-type @uref{https://git.sr.ht/~kennylevinsen/greetd, @code{greetd}} is a minimal and diff --git a/gnu/packages/benchmark.scm b/gnu/packages/benchmark.scm index 33e2466da9..fd8513f41d 100644 --- a/gnu/packages/benchmark.scm +++ b/gnu/packages/benchmark.scm 
@@ -458,7 +458,7 @@ (define-public python-locust Note: Locust will complain if the available open file descriptors limit for the user is too low. To raise such limit on a Guix System, refer to -@samp{info guix --index-search=pam-limits-service}.") +@samp{info guix --index-search=pam-limits-service-type}.") (license license:expat))) (define-public interbench diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 1423ab6767..bda38abae3 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -40,7 +40,7 @@ (define-module (gnu services base) #:use-module (guix store) #:use-module (guix deprecation) - #:autoload (guix diagnostics) (warning &fix-hint) + #:autoload (guix diagnostics) (warning report-error &fix-hint) #:autoload (guix i18n) (G_) #:use-module (guix combinators) #:use-module (gnu services) @@ -246,7 +246,7 @@ (define-module (gnu services base) kmscon-service-type pam-limits-service-type - pam-limits-service + pam-limits-service ; deprecated greetd-service-type greetd-configuration @@ -1584,17 +1584,13 @@ (define-deprecated (syslog-service #:optional (config (syslog-configuration))) (define pam-limits-service-type - (let ((security-limits - ;; Create /etc/security containing the provided "limits.conf" file. - (lambda (limits-file) - `(("security/limits.conf" - ,limits-file)))) - (pam-extension + (let ((pam-extension (lambda (pam) (let ((pam-limits (pam-entry (control "required") (module "pam_limits.so") - (arguments '("conf=/etc/security/limits.conf"))))) + (arguments + '("conf=/etc/security/limits.conf"))))) (if (member (pam-service-name pam) '("login" "greetd" "su" "slim" "gdm-password" "sddm" "sudo" "sshd")) 
@@ -1602,7 +1598,26 @@ (define pam-limits-service-type (inherit pam) (session (cons pam-limits (pam-service-session pam)))) - pam))))) + pam)))) + + ;; XXX: Using file-like objects is deprecated, use lists instead. + ;; This is to be reduced into the list? case when the deprecated + ;; code gets removed. + ;; Create /etc/security containing the provided "limits.conf" file. + (security-limits + (match-lambda + ((? file-like? obj) + (warning (G_ "Using file-like value for 'pam-limits-service-type' +is deprecated~%")) + obj) + ((? list? lst) + `(("security/limits.conf" + ,(plain-file "limits.conf" + (string-join (map pam-limits-entry->string lst) + "\n" 'suffix))))) + (_ (report-error + (G_ "invalid input for 'pam-limits-service-type'~%")))))) + (service-type (name 'limits) (extensions @@ -1612,9 +1627,11 @@ (define pam-limits-service-type (description "Install the specified resource usage limits by populating @file{/etc/security/limits.conf} and using the @code{pam_limits} -authentication module.")))) +authentication module.") + (default-value '())))) -(define* (pam-limits-service #:optional (limits '())) +(define-deprecated (pam-limits-service #:optional (limits '())) + pam-limits-service-type "Return a service that makes selected programs respect the list of pam-limits-entry specified in LIMITS via pam_limits.so." (service pam-limits-service-type
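Review bot: in doc/guix.texi, the hunk at -18938,7 +18938,6 drops @anchor{pam-limits-service} outright and the following hunk adds only @anchor{pam-limits-service-type}, so any existing @ref or web link to the old anchor stops resolving while the procedure is still exported as deprecated. Consider keeping the old @anchor next to the new one until pam-limits-service is removed. The new @defvar text also says the value is a list of pam-limits-entry values without mentioning that a file-like value is still accepted with a warning; one sentence saying so would match what security-limits in gnu/services/base.scm does.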
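Review bot: in the gnu/services/base.scm hunk at -1602,7 +1598,26, the (? file-like? obj) clause of security-limits returns obj bare, while the lambda it replaces returned `(("security/limits.conf" ,limits-file)) and the (? list? lst) clause still returns that shape. Both clauses should return the same thing, so the file-like clause probably wants `(("security/limits.conf" ,obj)) after the warning; otherwise the compatibility path this patch advertises does not install the file under the same name. In the same hunk, the warning string is split across two source lines, which puts a literal newline inside the message; end the first line with a backslash or shorten the message. The (? list? lst) clause also matches any list, so a list holding something other than a pam-limits-entry is handed to pam-limits-entry->string instead of reaching the report-error clause; checking the elements in the pattern would give the user the intended error.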