services: desktop: Mount /var/lib/gdm on a tmpfs file system.
Fixes <https://issues.guix.gnu.org/44944>. * gnu/services/xorg.scm (%gdm-activation): Delete variable. (gdm-service-type): De-register it. * gnu/services/desktop.scm (%gdm-file-system): New variable. (gdm-file-system-service): Likewise. (desktop-services-for-system): Use it.
parent
e8fac28b9b
commit
d7e56aebec
@ -117,6 +117,9 @@
|
|||||||
elogind-service
|
elogind-service
|
||||||
elogind-service-type
|
elogind-service-type
|
||||||
|
|
||||||
|
%gdm-file-system
|
||||||
|
gdm-file-system-service
|
||||||
|
|
||||||
%fontconfig-file-system
|
%fontconfig-file-system
|
||||||
fontconfig-file-system-service
|
fontconfig-file-system-service
|
||||||
|
|
||||||
@ -1232,6 +1235,13 @@ when they log out."
|
|||||||
(flags '(read-only))
|
(flags '(read-only))
|
||||||
(check? #f)))
|
(check? #f)))
|
||||||
|
|
||||||
|
(define %gdm-file-system
|
||||||
|
(file-system
|
||||||
|
(device "none")
|
||||||
|
(mount-point "/var/lib/gdm")
|
||||||
|
(type "tmpfs")
|
||||||
|
(check? #f)))
|
||||||
|
|
||||||
;; The global fontconfig cache directory can sometimes contain stale entries,
|
;; The global fontconfig cache directory can sometimes contain stale entries,
|
||||||
;; possibly referencing fonts that have been GC'd, so mount it read-only.
|
;; possibly referencing fonts that have been GC'd, so mount it read-only.
|
||||||
;; As mentioned https://debbugs.gnu.org/cgi/bugreport.cgi?bug=36924#8 and
|
;; As mentioned https://debbugs.gnu.org/cgi/bugreport.cgi?bug=36924#8 and
|
||||||
@ -1240,6 +1250,15 @@ when they log out."
|
|||||||
(simple-service 'fontconfig-file-system
|
(simple-service 'fontconfig-file-system
|
||||||
file-system-service-type
|
file-system-service-type
|
||||||
(list %fontconfig-file-system)))
|
(list %fontconfig-file-system)))
|
||||||
|
|
||||||
|
;; Avoid stale caches and stale user IDs being reused between system
|
||||||
|
;; reconfigurations, which would crash GDM and render the system unusable.
|
||||||
|
;; GDM doesn't require persisting anything valuable there anyway.
|
||||||
|
(define gdm-file-system-service
|
||||||
|
(simple-service 'gdm-file-system
|
||||||
|
file-system-service-type
|
||||||
|
(list %gdm-file-system)))
|
||||||
|
|
||||||
|
|
||||||
;;;
|
;;;
|
||||||
;;; AccountsService service.
|
;;; AccountsService service.
|
||||||
@ -1750,6 +1769,10 @@ applications needing access to be root.")
|
|||||||
(list (file-append nfs-utils "/sbin/mount.nfs")
|
(list (file-append nfs-utils "/sbin/mount.nfs")
|
||||||
(file-append ntfs-3g "/sbin/mount.ntfs-3g"))))
|
(file-append ntfs-3g "/sbin/mount.ntfs-3g"))))
|
||||||
|
|
||||||
|
;; This is a volatile read-write file system mounted at /var/lib/gdm,
|
||||||
|
;; to avoid GDM stale cache and permission issues.
|
||||||
|
gdm-file-system-service
|
||||||
|
|
||||||
;; The global fontconfig cache directory can sometimes contain
|
;; The global fontconfig cache directory can sometimes contain
|
||||||
;; stale entries, possibly referencing fonts that have been GC'd,
|
;; stale entries, possibly referencing fonts that have been GC'd,
|
||||||
;; so mount it read-only.
|
;; so mount it read-only.
|
||||||
|
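Review bot: `%gdm-file-system` (second hunk, `@ -1232,6 +1235,13 @`) sets only `device`, `mount-point`, `type` and `check?`, so the mount root takes the tmpfs defaults, which are root ownership and mode 1777 unless a `mode=`/`uid=`/`gid=` option is given. The same commit deletes the `%gdm-activation` chown, and nothing visible on this page hands the directory to the `gdm` user or narrows its permissions. If no other code does that at mount time, the greeter's home directory is writable by every local user, so I would either pass ownership and mode through the record's `options` field or add a comment above the definition naming the component that fixes them up. Unlike `%fontconfig-file-system` just above it, the record also has no `flags`; `(flags '(no-suid no-dev))` would be cheap hardening for a volatile state directory, and a `size=` option would bound how much RAM it can consume.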
@ -818,27 +818,6 @@ the GNOME desktop environment.")
|
|||||||
(home-directory "/var/lib/gdm")
|
(home-directory "/var/lib/gdm")
|
||||||
(shell (file-append shadow "/sbin/nologin")))))
|
(shell (file-append shadow "/sbin/nologin")))))
|
||||||
|
|
||||||
(define %gdm-activation
|
|
||||||
;; Ensure /var/lib/gdm is owned by the "gdm" user. This is normally the
|
|
||||||
;; case but could be wrong if the "gdm" user was created, then removed, and
|
|
||||||
;; then recreated under a different UID/GID: <https://bugs.gnu.org/37423>.
|
|
||||||
(with-imported-modules '((guix build utils))
|
|
||||||
#~(begin
|
|
||||||
(use-modules (guix build utils))
|
|
||||||
|
|
||||||
(let* ((gdm (getpwnam "gdm"))
|
|
||||||
(uid (passwd:uid gdm))
|
|
||||||
(gid (passwd:gid gdm))
|
|
||||||
(st (stat "/var/lib/gdm" #f)))
|
|
||||||
;; Recurse into /var/lib/gdm only if it has wrong ownership.
|
|
||||||
(when (and st
|
|
||||||
(or (not (= uid (stat:uid st)))
|
|
||||||
(not (= gid (stat:gid st)))))
|
|
||||||
(for-each (lambda (file)
|
|
||||||
(chown file uid gid))
|
|
||||||
(find-files "/var/lib/gdm"
|
|
||||||
#:directories? #t)))))))
|
|
||||||
|
|
||||||
(define dbus-daemon-wrapper
|
(define dbus-daemon-wrapper
|
||||||
(program-file
|
(program-file
|
||||||
"gdm-dbus-wrapper"
|
"gdm-dbus-wrapper"
|
||||||
@ -1022,8 +1001,6 @@ the GNOME desktop environment.")
|
|||||||
(extensions
|
(extensions
|
||||||
(list (service-extension shepherd-root-service-type
|
(list (service-extension shepherd-root-service-type
|
||||||
gdm-shepherd-service)
|
gdm-shepherd-service)
|
||||||
(service-extension activation-service-type
|
|
||||||
(const %gdm-activation))
|
|
||||||
(service-extension account-service-type
|
(service-extension account-service-type
|
||||||
(const %gdm-accounts))
|
(const %gdm-accounts))
|
||||||
(service-extension pam-root-service-type
|
(service-extension pam-root-service-type
|
||||||
|