* [Tue, Oct 16, 2012 at 04:44:41PM +0200] Guus Sliepen:
On Tue, Oct 16, 2012 at 03:30:18PM +0200, Gian Piero Carrubba wrote:
A simple patch is attached. This way it should be possible to use
both --mlock and --user with an unprivileged user and more than few
tinc nodes without incurring in the problem reported in [0]_
(namely, "Error while processing METAKEY from ...").
Indeed, that is a good idea. However, isn't /etc/security/limits.conf a better
place to configure this?
Sure, it would be cleaner. Problem is that /etc/security/limits.conf
(or, better yet, /etc/security/limits.d/tinc.conf) is read by pam_limits
and tincd does not invoke the pam stack (well, haven't dug into the
source but as it isn't linked against libpam I guessed so). So, writing
a parser for reading limits.conf in the init script seems a bit
overkilling to me.
If you're willing to wear your upstream hat, it would be great if you
could add support for pam. But honestly I don't know if it's worth the
pain.
As a side note, I think creating a `tinc' system user in the
postinst and defaulting to use `--user=tinc' would also be nice.
That is also a good idea. At the moment testing is frozen, I will wait for
wheezy to be released before uploading any of these changes to unstable, but I
will probably upload to experimental them as part of tinc 1.1preX.
Great.
Thanks,
Gian Piero.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
