LightDM, login classes and system limits

bsduck

bsduck

Hello,

In /etc/login.conf I have the following login class:
Code: 
audio:\
        :memorylocked=unlimited:
It allows my main user unlimited memory locking, as recommended by audio/jack.

This works fine from a command line login, and from a X session started by startx.
As expected, ulimit -l returns unlimited.

But that doesn't work if I log in from LightDM.
In that case, ulimit -l returns 131072.

LightDM seems not to care about login classes. Is there a way to change that?

I tried various settings in /usr/local/etc/lightdm/lightdm.conf:
* running LightDM as my user instead of user "lightdm" -> doesn't work (I can't login)
* running LightDM as root -> works but no effect
* lock-memory=true -> no effect
* user-authority-in-system-dir=true -> no effect
* dbus-service=false -> no effect

LightDM's default (131072k) is what is defined for login class "daemon":
Code: 
daemon:\
        :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\
        :mail@:\
        :memorylocked=128M:\
        :tc=default:
If I set memorylocked=unlimited there, I do get unlimited locking in my X session, but I don't think it's a good idea to give all daemons that privilege.

I tried giving the "lightdm" user the same login class as me: no effect, it still follows the "daemon" limits (which makes sense given that lightdm is a nologin user).

I also tried setting a lower limit for my login class while class "daemon" had unlimited: I got unlimited from my X session too.

So it seems the system limits a user gets while logging in from LightDM are invariably what LightDM itself is allowed, and that's what's defined in class "daemon". Not really convenient, and rather broken design. If there's a way to set per-user limits while using LightDM, please let me know! Otherwise I think it's a good reason to avoid using LightDM on FreeBSD.

I'll try other display managers to compare.
 
Check this Archlinux wiki: https://wiki.archlinux.org/title/LightDM#X_session_wrapper
Code: 
X session wrapper

If you are migrating from xinit, you will notice that the display is not launched by your shell. This is because, as opposed to your
shell starting the display (and the display inheriting the environment of your shell), LightDM starts your display and does not source
your shell. LightDM launches the display by running a wrapper script and that finally exec's your graphic environment. By default,
/etc/lightdm/Xsession is run.[1]

Environment variables

The script checks and sources /etc/profile, ~/.profile, /etc/xprofile and ~/.xprofile, in that order. If you are using a
shell that does not source any of these files, you can create an ~/.xprofile to do so.
...

[1] On FreeBSD that would be /usr/local/etc/lightdm/Xsession
 
covacat said:
try lightdm_login_class="default" in rc.conf
Click to expand...
Nice! I didn't know you could set login classes there, thank you.

Setting it to "default" gives me, as expected, the default limit, which is 64k.
Setting it to my custom class "audio" allows me unlimited locked memory.

This does not solve the problem of missing per-user limits control, but for a personal laptop, it's an acceptable compromise.
I don't think LightDM being allowed to lock all my memory is a major concern, especially with lock-memory=false in its configuration file.
 
Last edited:
You must log in or register to reply here.
Back
Top