services: desktop: Mount /var/lib/gdm on a tmpfs file system.

Fixes <https://issues.guix.gnu.org/44944>.

* gnu/services/xorg.scm (%gdm-activation): Delete variable.
(gdm-service-type): De-register it.
* gnu/services/desktop.scm (%gdm-file-system): New variable.
(gdm-file-system-service): Likewise.
(desktop-services-for-system): Use it.
Maxim Cournoyer 2022-09-16 14:45:15 -04:00
parent e8fac28b9b
commit d7e56aebec
GPG Key ID: 1260E46482E63562
2 changed files with 23 additions and 23 deletions

@ -117,6 +117,9 @@
elogind-service elogind-service
elogind-service-type elogind-service-type
%gdm-file-system
gdm-file-system-service
%fontconfig-file-system %fontconfig-file-system
fontconfig-file-system-service fontconfig-file-system-service
@ -1232,6 +1235,13 @@ when they log out."
(flags '(read-only)) (flags '(read-only))
(check? #f))) (check? #f)))
(define %gdm-file-system
(file-system
(device "none")
(mount-point "/var/lib/gdm")
(type "tmpfs")
(check? #f)))
;; The global fontconfig cache directory can sometimes contain stale entries, ;; The global fontconfig cache directory can sometimes contain stale entries,
;; possibly referencing fonts that have been GC'd, so mount it read-only. ;; possibly referencing fonts that have been GC'd, so mount it read-only.
;; As mentioned https://debbugs.gnu.org/cgi/bugreport.cgi?bug=36924#8 and ;; As mentioned https://debbugs.gnu.org/cgi/bugreport.cgi?bug=36924#8 and
@ -1240,6 +1250,15 @@ when they log out."
(simple-service 'fontconfig-file-system (simple-service 'fontconfig-file-system
file-system-service-type file-system-service-type
(list %fontconfig-file-system))) (list %fontconfig-file-system)))
;; Avoid stale caches and stale user IDs being reused between system
;; reconfigurations, which would crash GDM and render the system unusable.
;; GDM doesn't require persisting anything valuable there anyway.
(define gdm-file-system-service
(simple-service 'gdm-file-system
file-system-service-type
(list %gdm-file-system)))
;;; ;;;
;;; AccountsService service. ;;; AccountsService service.
@ -1750,6 +1769,10 @@ applications needing access to be root.")
(list (file-append nfs-utils "/sbin/mount.nfs") (list (file-append nfs-utils "/sbin/mount.nfs")
(file-append ntfs-3g "/sbin/mount.ntfs-3g")))) (file-append ntfs-3g "/sbin/mount.ntfs-3g"))))
;; This is a volatile read-write file system mounted at /var/lib/gdm,
;; to avoid GDM stale cache and permission issues.
gdm-file-system-service
;; The global fontconfig cache directory can sometimes contain ;; The global fontconfig cache directory can sometimes contain
;; stale entries, possibly referencing fonts that have been GC'd, ;; stale entries, possibly referencing fonts that have been GC'd,
;; so mount it read-only. ;; so mount it read-only.
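Review bot: `%gdm-file-system` mounts the tmpfs with no `flags` and no `options`, so the mount comes up root-owned with tmpfs's default mode 1777; because this directory is the `gdm` account's home (the `home-directory` field in xorg.scm) and the `%gdm-activation` chown is deleted in the same commit, nothing visible in this diff makes it owned by `gdm`, and every local user can create files in the greeter's home (the sticky bit only stops them deleting others' entries). I would tighten the record with `(flags '(no-suid no-dev))` and `(options "mode=0700")`, and re-establish `gdm` ownership after the mount on every boot, since the UID is allocated dynamically and cannot be a static `uid=` option — unless the GDM shepherd service, outside this diff, already does that at start. The comment above `gdm-file-system-service` should also record the assumption, e.g. `;; tmpfs is root:root 1777 by default; ownership and mode must be fixed up after mount.`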

@ -818,27 +818,6 @@ the GNOME desktop environment.")
(home-directory "/var/lib/gdm") (home-directory "/var/lib/gdm")
(shell (file-append shadow "/sbin/nologin"))))) (shell (file-append shadow "/sbin/nologin")))))
(define %gdm-activation
;; Ensure /var/lib/gdm is owned by the "gdm" user. This is normally the
;; case but could be wrong if the "gdm" user was created, then removed, and
;; then recreated under a different UID/GID: <https://bugs.gnu.org/37423>.
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
(let* ((gdm (getpwnam "gdm"))
(uid (passwd:uid gdm))
(gid (passwd:gid gdm))
(st (stat "/var/lib/gdm" #f)))
;; Recurse into /var/lib/gdm only if it has wrong ownership.
(when (and st
(or (not (= uid (stat:uid st)))
(not (= gid (stat:gid st)))))
(for-each (lambda (file)
(chown file uid gid))
(find-files "/var/lib/gdm"
#:directories? #t)))))))
(define dbus-daemon-wrapper (define dbus-daemon-wrapper
(program-file (program-file
"gdm-dbus-wrapper" "gdm-dbus-wrapper"
@ -1022,8 +1001,6 @@ the GNOME desktop environment.")
(extensions (extensions
(list (service-extension shepherd-root-service-type (list (service-extension shepherd-root-service-type
gdm-shepherd-service) gdm-shepherd-service)
(service-extension activation-service-type
(const %gdm-activation))
(service-extension account-service-type (service-extension account-service-type
(const %gdm-accounts)) (const %gdm-accounts))
(service-extension pam-root-service-type (service-extension pam-root-service-type