Bug#838191: systemd user units do not honor resource limits set in /etc/security/limits.conf
Michael Biebl
biebl at debian.org
Tue Sep 27 10:25:30 BST 2016
Am 18.09.2016 um 11:16 schrieb Antonio Ospite:
> After a precious suggestion by Mantas Mikulėnas (grawity in
> #debian-systemd) I verified that this is happening because
> /etc/pam.d/systemd-user does not load pam_limits.so.
>
> The following change fixes the issue:
> -----------------------------------------------------------------------
> --- /etc/pam.d/systemd-user.orig 2016-09-17 17:40:19.787522246 +0200
> +++ /etc/pam.d/systemd-user 2016-09-17 15:13:17.035405264 +0200
> @@ -7,5 +7,6 @@
> session required pam_selinux.so close
> session required pam_selinux.so nottys open
> session required pam_loginuid.so
> +session required pam_limits.so
> @include common-session-noninteractive
> session optional pam_systemd.so
> -----------------------------------------------------------------------
>
>
> After adding pam_limits and the settings in limits.conf, the units from
> above have the expected behavior.
>
...
> I can send a patch for /etc/pam.d/systemd-user against the systemd
> Debian package to address the issue, but I have a doubt: can this also
> be considered a bug in the upstream src/login/systemd-user.m4?
>
> If so I will send a standalone patch which applies _before_
> debian/Adjust-systemd-user-pam-config-file-for-Debian.patch this way it
> will be easier to have it merged upstream.
The upstream pam config file is Redhat specific in this regard. It
includes /etc/pam.d/system-auth, which in turn has
session required pam_limits.so
We do use common-account and common-session-noninteractive in Debian,
which do no include pam_limits.so. So I guess we will have to keep that
as a downstream change.
That said, maybe upstream could document better, which pam modules are
supposed to be included for systemd-user. If you want to file an
upstream bug report for that, this would be appreciated.
Regards,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20160927/675b29c2/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list