diff options
| author | Jan Synacek <jan.synacek@gmail.com> | 2018-04-17 16:42:44 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2018-04-17 16:42:44 +0200 |
| commit | 22f9331412816f50366e74dd3623ebbbc2590068 (patch) | |
| tree | a46e76546dcfa870cc1858b0dc7ab9afbe71215c /man/pam_systemd.xml | |
| parent | 2cb36f7c1e4672df2b47bffab3b7d65216915992 (diff) | |
| download | systemd-22f9331412816f50366e74dd3623ebbbc2590068.tar.gz | |
logind: enable limiting of user session scopes using pam context objects (#8397)
Diffstat (limited to 'man/pam_systemd.xml')
| -rw-r--r-- | man/pam_systemd.xml | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index 5aa12c704b..cdf45f8c20 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml @@ -250,6 +250,60 @@ </refsect1> <refsect1> + <title>Session limits</title> + + <para>PAM modules earlier in the stack, that is those that come before <command>pam_systemd.so</command>, + can set session scope limits using the PAM context objects. The data for these objects is provided as NUL-terminated C strings + and maps directly to the respective unit resource control directives. Note that these limits apply to individual sessions of the user, + they do not apply to all user processes as a combined whole. In particular, the per-user <command>user@.service</command> unit instance, + which runs the <command>systemd --user</command> manager process and its children, and is tracked outside of any session, being shared + by all the user's sessions, is not covered by these limits. + </para> + + <para> See + <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information about the resources. + Also, see <citerefentry><refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum></citerefentry> for additional information about how to set + the context objects. + </para> + + <variablelist> + <varlistentry> + <term><varname>systemd.memory_max</varname></term> + + <listitem><para>Sets unit <varname>MemoryMax=</varname>.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>systemd.tasks_max</varname></term> + + <listitem><para>Sets unit <varname>TasksMax=</varname>.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>systemd.cpu_weight</varname></term> + + <listitem><para>Sets unit <varname>CPUWeight=</varname>.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>systemd.io_weight</varname></term> + + <listitem><para>Sets unit <varname>IOWeight=</varname>.</para></listitem> + </varlistentry> + </variablelist> + + <para>Example data as can be provided from an another PAM module: + <programlisting> +pam_set_data(handle, "systemd.memory_max", (void *)"200M", cleanup); +pam_set_data(handle, "systemd.tasks_max", (void *)"50", cleanup); +pam_set_data(handle, "systemd.cpu_weight", (void *)"100", cleanup); +pam_set_data(handle, "systemd.io_weight", (void *)"340", cleanup); + </programlisting> + </para> + + </refsect1> + + <refsect1> <title>Example</title> <programlisting>#%PAM-1.0 |