Bug#838191: systemd user units do not honor resource limits set in /etc/security/limits.conf

Michael Biebl biebl at debian.org
Tue Sep 27 10:25:30 BST 2016

Am 18.09.2016 um 11:16 schrieb Antonio Ospite:
> After a precious suggestion by Mantas Mikul─Śnas (grawity in
> #debian-systemd) I verified that this is happening because
> /etc/pam.d/systemd-user does not load pam_limits.so.
> The following change fixes the issue:
> -----------------------------------------------------------------------
> --- /etc/pam.d/systemd-user.orig	2016-09-17 17:40:19.787522246 +0200
> +++ /etc/pam.d/systemd-user	2016-09-17 15:13:17.035405264 +0200
> @@ -7,5 +7,6 @@
>  session  required pam_selinux.so close
>  session  required pam_selinux.so nottys open
>  session  required pam_loginuid.so
> +session  required pam_limits.so
>  @include common-session-noninteractive
>  session optional pam_systemd.so
> -----------------------------------------------------------------------
> After adding pam_limits and the settings in limits.conf, the units from
> above have the expected behavior.


> I can send a patch for /etc/pam.d/systemd-user against the systemd
> Debian package to address the issue, but I have a doubt: can this also
> be considered a bug in the upstream src/login/systemd-user.m4?
> If so I will send a standalone patch which applies _before_
> debian/Adjust-systemd-user-pam-config-file-for-Debian.patch this way it
> will be easier to have it merged upstream.

The upstream pam config file is Redhat specific in this regard. It
includes /etc/pam.d/system-auth, which in turn has

session     required      pam_limits.so

We do use common-account and common-session-noninteractive in Debian,
which do no include pam_limits.so. So I guess we will have to keep that
as a downstream change.

That said, maybe upstream could document better, which pam modules are
supposed to be included for systemd-user. If you want to file an
upstream bug report for that, this would be appreciated.

Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20160927/675b29c2/attachment-0002.sig>

More information about the Pkg-systemd-maintainers mailing list