On Wed, 2019-09-11 at 21:48 +0200, Ricardo Wurmus wrote: > Hi Jesse, > > > I have been trying to set up ardour, but jackd doesn't start in > > real- > > time mode. I made an os definition that replicates this issue when > > I > > use a VM. > >  https://lists.gnu.org/archive/html/help-guix/2019-09/msg00065.h > > tml > > I asked the gnome and gdm IRC and found out gdm loads the gdm- > > password > > pam config, which seems untouched by pam-limits-service. My > > /etc/pam.d/gdm-password (which should be the default) is attached. > > I can reproduce this. > > (I’m sorry for accidentally misleading you earlier. Turns out I used > JACK a little longer ago than I initially realized.) > > I think it should be pretty easy to fix this: > > 1) we should generate a single file that is used for generic session > settings. > > 2) all login programs (including gdm) should include that file in > their > PAM settings. > > 3) the pam-limits-service should extend that single file instead of > attempting to update a bunch of PAM files for a selected list of > programs. > > -- > Ricardo > Is all this best practice?
This solution would have patches for three files: - gnu/system/pam.scm (adding the generic session settings file and patching the "su" and "login" configurations) - gnu/services/base.scm (patching pam-limits-service) - gnu/services/desktop.scm (patching the graphical login configurations). All new login services would require a patch to just one file with these steps implemented(to add the service), whereas they would each need a patch to two files if they are not implemented (one to add the service, another to have pam-limits-service modify the service's pam config. If you think this solution is better design than what we currently have, and others in this mailing list agree, I will work to provide these patches. I previously said adding gdm-password to the list of pam configs amended by pam-limits-service did not work. I then discovered the changes in the environment will not work unless I run "make". I don't know if this is a bug in guix or guile, or if it is intentionally this way; the manual should be updated to clarify that guix needs to be built in the environment for the changes to work. I sent a patch (bug#37405) that fixes this issue for gdm-password. A simple change can probably fix it for gdm-autologin (not added because I haven't tested it) and whatever gdm loads when the user logs in with biometric fingerprints (I don't know the name). When we add ldm and kdm, I think we can do something similar. -- -Jesse