[Vm-dev] ulimit rat-rio setting (was Re: [OpenSmalltalk/opensmalltalk-vm] Do not use linux-latest runner, use an older stable version. (#598))

Bruce O'Neel bruce.oneel at pckswarms.ch
Wed Sep 29 17:31:40 UTC 2021


Hi,

So I might be wrong about this but I don't think Squeak needs to use
pam.  Pam is used for authentication and authorization.

So on my linux systems there are files in /etc/pam.d with names like
sshd, su, sudo and assorted login and screen saver programs. 

These are all programs which have to either run something that does
authorization or does authentication, or both.  Squeak needs neither
because we run squeak after you are logged in and the program which
logged you in has taken care of the authentication and
authorization.  And of course setting limits.

For the user's rtprio to be set to something other than the default we
both need the /etc/security/limits.d/squeak.conf file, AND we need
whatever is doing the "login" to call the limits shared library of
pam to set the limits.

This is why the problem is complex since it is hard to know which
program has done the "login".

In my test case I had to reboot the system to get the normal console
login to run the new limits.  Before I rebooted it did not set the
rtprio from the normal console login but did set it when I used ssh to
connect.

So which program and which config file is the one who does my console
login?  Is it login?  Is it common-session?  Is it light-dm?  My
bet is on light-dm but maybe not.

cheers

bruce

On 2021-09-29T17:28:52.000+02:00, Phil B <pbpublist at gmail.com> wrote:

> Tobias,
> 
> On Wed, Sep 29, 2021 at 10:59 AM Tobias Pape <Das.Linux at gmx.de>
> wrote:
> 
>>   
>>  Hi
>>  
>>>   On 29. Sep 2021, at 15:59, Phil B <pbpublist at gmail.com> wrote:
>>>   
>>>   A tangential FYI: the Debian packaging will be taking care of
>>>   this as part of the installation.
>>  
>>  that's what I hoped for.
> 
> You can see all of the 'global' system changes I'm making in the
> common package currently at https://github.com/pbella/squeak-common
>  
> 
>>>   Currently it installs the /etc/security/limits.d/squeak.conf
>>>   file and I'll look into adding the pam.d part as well.
>>  
>>  Noooo don't change pam_d stuff. :D
>>  Debian has now its own pam management stuff and we should not mess
>>  with it.
> 
> Don't worry, that's why I only said I'd look into it.  I won't try
> to slam a generic PAM config as part of the install as I know we'd
> need to tread carefully here.
> 
>>  I was actually only curious whether tim's /etc/pam.d/* contains a
>>  reference to pam_limits, to see whether limits are applied in the
>>  first place.
>>  Since a reboot helped, the answer is, yes, pam_limits applied.
>>  
>>  So let's not get ahead of ourselves and let pam be :)
> 
> All I was thinking is that perhaps I could drop a squeak file in
> /etc/pam.d with any (perhaps commented out?) settings that apply to
> the VM along with any relevant documentation.  So basically keep it
> non-invasive but try to provide a pointer if this is a source of
> potential issues.  I'd also need to check Debian policy to see if
> this is something that should even be done as I know PAM is a touchy
> area re: system security and may have specific policy
> considerations.
> 
>  
> 
>>>   
>>>   Of course if there's a way to get the functionality without the
>>>   config tweaking, that would be even better.  If not, well that's
>>>   one of the many reasons we have packages ;-)
>>  
>>  Exactly.
>>  
>>  Best regards
>>          -Tobias
> 
> Thanks,
> Phil
>  
> 
>>>   
>>>   On Wed, Sep 29, 2021 at 2:24 AM Tobias Pape <Das.Linux at gmx.de> wrote:
>>>    
>>>   Hi
>>>   
>>>   
>>>   > On 29. Sep 2021, at 00:12, tim Rowledge <tim at rowledge.org> wrote:
>>>   > 
>>>   > 
>>>   > This reminds me to ask (probably again) if anyone actually
>>>   > understands ubuntu and getting the rtprio settings to 'take'.
>>>   > 
>>>   > I have the suggested /etc/security/limits.d/squeak.conf etc
>>>   > but it appears to be ignored - at least the VM complains about it.
>>>   > Since `ulimit -a` tells me that rtprio is 0, I suspect it is
>>>   > correct to complain.
>>>   > I've spent way too long trying to make sense of what I find
>>>   > with googling. This has been going on for ages (so, yes, the
>>>   > machine has been rebooted) and every now and then I try to make
>>>   > some sense of it.
>>>   
>>>   
>>>   this file only takes action when pam_limits is used.
>>>   can you grep your /etc/pam.d for limits?
>>>   
>>>   Best regards
>>>           -Tobias
>>>   
>>>   PS: I hate to say it, but it seems the neat architecture of the
>>>       heartbeat-VM is not appreciated by
>>>       current linux distros. There is just too much to do for
>>>       the average user to make use of it.
>>>       Also, users need some kind of Root to be able to enable
>>>       the rtprio, which is not a good idea.
>>>       Is there any way to get away without changing rtprio?
>>>   
>>>   
>>>   
>>>  
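
The "grep your /etc/pam.d for limits" check from the thread, extended to answer which login path actually loads pam_limits; this is an added example, not part of the original messages or the Squeak packaging. It follows Debian-style `@include NAME` and `include`/`substack` lines so a service that only pulls pam_limits in indirectly is still found. The function names, the sample tree and the file name `common-limits` are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which files in a PAM config directory end up
# loading pam_limits.so, directly or through an include.

# uses_limits DIR NAME: succeed if DIR/NAME, or any file it pulls in, has an
# uncommented session line naming pam_limits.so.
uses_limits() {
    dir=$1 todo=$2 seen=" "
    while [ -n "$todo" ]; do
        set -- $todo; cur=$1; shift; todo="$*"
        case "$seen" in *" $cur "*) continue ;; esac   # guard against include loops
        seen="$seen$cur "
        [ -f "$dir/$cur" ] || continue
        if grep -Eq '^[[:space:]]*-?session[[:space:]].*pam_limits\.so' "$dir/$cur"; then
            return 0
        fi
        # Queue Debian-style "@include NAME" and "<type> include|substack NAME".
        inc=$(awk '/^[ \t]*#/ {next}
                   $1 == "@include" {print $2}
                   $2 == "include" || $2 == "substack" {print $3}' "$dir/$cur")
        todo=$(echo $todo $inc)
    done
    return 1
}

# limits_services DIR: print every file name in DIR for which uses_limits holds.
limits_services() {
    for entry in "$1"/*; do
        [ -f "$entry" ] || continue
        if uses_limits "$1" "${entry##*/}"; then echo "${entry##*/}"; fi
    done
}

# make_demo DIR: constructed sample tree, not copied from any real system;
# "common-limits" is a hypothetical file name used to show an include chain.
make_demo() {
    mkdir -p "$1"
    printf 'session optional pam_systemd.so\n' > "$1/common-session"
    printf 'session required pam_limits.so\n' > "$1/common-limits"
    printf '@include common-session\nsession required pam_limits.so\n' > "$1/sshd"
    printf 'session include common-limits\n' > "$1/login"
    printf '#session required pam_limits.so\n@include common-session\n' > "$1/lightdm"
}

demo=$(mktemp -d) && make_demo "$demo" && limits_services "$demo"
rm -rf "$demo"
```

Pointing `limits_services` at the real `/etc/pam.d` and comparing the result with `ulimit -r` in a bash shell started from each login path shows which path applied the limits.d file.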
