On Wed, 2019-09-11 at 21:48 +0200, Ricardo Wurmus wrote:
> Hi Jesse,
> 
> > I have been trying to set up ardour, but jackd doesn't start in
> > real-
> > time mode. I made an os definition that replicates this issue when
> > I
> > use a VM[0].
> > [0] https://lists.gnu.org/archive/html/help-guix/2019-09/msg00065.h
> > tml
> > I asked the gnome and gdm IRC and found out gdm loads the gdm-
> > password
> > pam config, which seems untouched by pam-limits-service. My
> > /etc/pam.d/gdm-password (which should be the default) is attached.
> 
> I can reproduce this.
> 
> (I’m sorry for accidentally misleading you earlier.  Turns out I used
> JACK a little longer ago than I initially realized.)
> 
> I think it should be pretty easy to fix this:
> 
> 1) we should generate a single file that is used for generic session
> settings.
> 
> 2) all login programs (including gdm) should include that file in
> their
> PAM settings.
> 
> 3) the pam-limits-service should extend that single file instead of
> attempting to update a bunch of PAM files for a selected list of
> programs.
> 
> --
> Ricardo
> 
Is all this best practice?

This solution would have patches for three files:
- gnu/system/pam.scm (adding the generic session settings file and
patching the "su" and "login" configurations)
- gnu/services/base.scm (patching pam-limits-service)
- gnu/services/desktop.scm (patching the graphical login
configurations).

All new login services would require a patch to just one file with
these steps implemented(to add the service), whereas they would each
need a patch to two files if they are not implemented (one to add the
service, another to have pam-limits-service modify the service's pam
config.

If you think this solution is better design than what we currently
have, and others in this mailing list agree, I will work to provide
these patches.

I previously said adding gdm-password to the list of pam configs
amended by pam-limits-service did not work. I then discovered the
changes in the environment will not work unless I run "make". I don't
know if this is a bug in guix or guile, or if it is intentionally this
way; the manual should be updated to clarify that guix needs to be
built in the environment for the changes to work.

I sent a patch (bug#37405) that fixes this issue for gdm-password. A
simple change can probably fix it for gdm-autologin (not added because
I haven't tested it) and whatever gdm loads when the user logs in with
biometric fingerprints (I don't know the name). When we add ldm and
kdm, I think we can do something similar.

-- 
-Jesse



Reply via email to