<div dir="ltr"><div class="gmail_quote"><div class="GmSign">On Sat, Aug 20, 2016 at 7:38 PM tim Rowledge <<a href="mailto:tim@rowledge.org">tim@rowledge.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
> On 20-08-2016, at 3:46 AM, Fabio Niephaus <<a href="mailto:lists@fniephaus.com" target="_blank">lists@fniephaus.com</a>> wrote:<br>
><br>
<br>
> May I suggest we simply skip the ensure_conf_file step, if the launch script detects to run on a Pi for this release? Shall we print instructions for the common-session setup if necessary instead? We can adjust this behavior in the future, of course. But I'm not sure we can work out a proper solution in the next couple of days.<br>
<br>
I would suggest that you make the ensure_conf_file script start with a test for<br>
<br>
a) being on a Pi with a kernel level 4 or greater<br>
b) being on any machine with kernel greater than X, where X is not currently a number I know. I simply don’t know enough linux terminology to do effective googling for this. The Pi does not have a special kernel so I think any version 4+ would be safe. Is anyone running on an x86 linux out there?<br>
<br>
If NOT (a AND b) then do magic with /etc/securityblah-blah.<br>
<br>
Somebody that follows and understand linux release history would probably be able to tell us exactly which version introduced the fix that makes /etc/security/blah unnecessary.<br></blockquote><div><br></div><div>I just had a quick chat with Eliot and we decided to skip the ensure_conf_file step on systems with Linux kernels earlier than 4.x.x for now.</div><div>We can change the behavior in the next release, but I'd currently say, it works well on the different systems as is.</div><div><br></div><div>Best,</div><div>Fabio</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
A test for /etc/pam.d/common-session containing<br>
' session required pam_limits.so'<br>
would be a decent idea if we could also work out if the user were using xrdp or any other affected system. I’d suggest just documenting it for now.<br>
<br>
tim<br>
--<br>
tim Rowledge; <a href="mailto:tim@rowledge.org" target="_blank">tim@rowledge.org</a>; <a href="http://www.rowledge.org/tim" rel="noreferrer" target="_blank">http://www.rowledge.org/tim</a><br>
Strange OpCodes: BFM: Branch on Full Moon<br>
<br>
<br>
<br>
</blockquote></div></div>