8.4 Enabling PAM to Work with cgroup Rules

To configure PAM to use the rules that you configure in the /etc/cgrules.conf file:

  1. Install the libcgroup-pam package.

    # yum install libcgroup-pam

    The pam_cgroup.so module is installed in /lib64/security on 64-bit systems, and in /lib/security on 32-bit systems.

  2. Edit the /etc/pam.d/su configuration file, and add the following line for the pam_cgroup.so module:

    session  optional  pam_cgroup.so
Note

For a service that has a configuration file in /etc/sysconfig, you can add the following line to the start section of the file to start the service in a specified cgroup:

CGROUP_DAEMON="*:cgroup