From 22f9331412816f50366e74dd3623ebbbc2590068 Mon Sep 17 00:00:00 2001 From: Jan Synacek Date: Tue, 17 Apr 2018 16:42:44 +0200 Subject: logind: enable limiting of user session scopes using pam context objects (#8397) --- man/pam_systemd.xml | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) (limited to 'man/pam_systemd.xml') diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index 5aa12c704b..cdf45f8c20 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml @@ -249,6 +249,60 @@ based on the $DISPLAY variable. + + Session limits + + PAM modules earlier in the stack, that is those that come before pam_systemd.so, + can set session scope limits using the PAM context objects. The data for these objects is provided as NUL-terminated C strings + and maps directly to the respective unit resource control directives. Note that these limits apply to individual sessions of the user, + they do not apply to all user processes as a combined whole. In particular, the per-user user@.service unit instance, + which runs the systemd --user manager process and its children, and is tracked outside of any session, being shared + by all the user's sessions, is not covered by these limits. + + + See + systemd.resource-control5 for more information about the resources. + Also, see pam_set_data3 for additional information about how to set + the context objects. + + + + + systemd.memory_max + + Sets unit MemoryMax=. + + + + systemd.tasks_max + + Sets unit TasksMax=. + + + + systemd.cpu_weight + + Sets unit CPUWeight=. + + + + systemd.io_weight + + Sets unit IOWeight=. + + + + Example data as can be provided from an another PAM module: + +pam_set_data(handle, "systemd.memory_max", (void *)"200M", cleanup); +pam_set_data(handle, "systemd.tasks_max", (void *)"50", cleanup); +pam_set_data(handle, "systemd.cpu_weight", (void *)"100", cleanup); +pam_set_data(handle, "systemd.io_weight", (void *)"340", cleanup); + + + + + Example -- cgit v1.2.1