authorMaxim Cournoyer <maxim.cournoyer@gmail.com>2022-09-16 14:45:15 -0400
committerMaxim Cournoyer <maxim.cournoyer@gmail.com>2022-09-16 16:27:08 -0400
commitd7e56aebec4535f3567c362b6084818873e54b0d (patch)
treec230e278f77edad86b3861ad3bec4b2643489443
parente8fac28b9b1fee6c4327cc93eabf630ddae99b59 (diff)
services: desktop: Mount /var/lib/gdm on a tmpfs file system.
Fixes <https://issues.guix.gnu.org/44944>. * gnu/services/xorg.scm (%gdm-activation): Delete variable. (gdm-service-type): De-register it. * gnu/services/desktop.scm (%gdm-file-system): New variable. (gdm-file-system-service): Likewise. (desktop-services-for-system): Use it.
-rw-r--r--gnu/services/desktop.scm23
-rw-r--r--gnu/services/xorg.scm23
2 files changed, 23 insertions, 23 deletions
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 9b3eb12613..1b087635d1 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -117,6 +117,9 @@
elogind-service
elogind-service-type
+ %gdm-file-system
+ gdm-file-system-service
+
%fontconfig-file-system
fontconfig-file-system-service
@@ -1232,6 +1235,13 @@ when they log out."
(flags '(read-only))
(check? #f)))
+(define %gdm-file-system
+ (file-system
+ (device "none")
+ (mount-point "/var/lib/gdm")
+ (type "tmpfs")
+ (check? #f)))
+
;; The global fontconfig cache directory can sometimes contain stale entries,
;; possibly referencing fonts that have been GC'd, so mount it read-only.
;; As mentioned https://debbugs.gnu.org/cgi/bugreport.cgi?bug=36924#8 and
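Review bot: `%gdm-file-system` is declared without `flags` or `options`, so the tmpfs gets the kernel defaults: a root-owned directory with mode 1777 and a size limit of half of RAM. Unless something outside this diff tightens it, GDM's home directory is then writable by every local account and can be filled to put pressure on memory. I would add `(flags '(no-suid no-dev))` and a bounded `(options "size=…")` (the value is a placeholder), and restrict the mode together with a step that hands the directory to the gdm account. The file-system definition just above this one already sets `flags`, so the field is in use in this file.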
@@ -1240,6 +1250,15 @@ when they log out."
(simple-service 'fontconfig-file-system
file-system-service-type
(list %fontconfig-file-system)))
+
+;; Avoid stale caches and stale user IDs being reused between system
+;; reconfigurations, which would crash GDM and render the system unusable.
+;; GDM doesn't require persisting anything valuable there anyway.
+(define gdm-file-system-service
+ (simple-service 'gdm-file-system
+ file-system-service-type
+ (list %gdm-file-system)))
+
;;;
;;; AccountsService service.
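Review bot: The comment above `gdm-file-system-service` says the mount avoids stale state "between system reconfigurations", but a tmpfs is emptied only when it is unmounted, which in practice means at reboot. A reconfigure on a running system that recreates the gdm account under a different UID would leave the old files in place, and the xorg.scm part of this commit removes the `chown` pass that handled that case. I would reword it as `;; /var/lib/gdm is recreated empty at every boot, so caches and files owned by a recycled UID do not survive a reboot.` and state that a reconfigure without a reboot is not covered.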
@@ -1750,6 +1769,10 @@ applications needing access to be root.")
(list (file-append nfs-utils "/sbin/mount.nfs")
(file-append ntfs-3g "/sbin/mount.ntfs-3g"))))
+ ;; This is a volatile read-write file system mounted at /var/lib/gdm,
+ ;; to avoid GDM stale cache and permission issues.
+ gdm-file-system-service
+
;; The global fontconfig cache directory can sometimes contain
;; stale entries, possibly referencing fonts that have been GC'd,
;; so mount it read-only.
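Review bot: `gdm-file-system-service` is added to the desktop service list here, while the ownership repair is removed from `gdm-service-type` itself in xorg.scm, so a configuration that instantiates `gdm-service-type` without this list appears to get neither the tmpfs nor the `chown`. In that case /var/lib/gdm can stay owned by a UID that has since been assigned to another account. Extending the file-system service from `gdm-service-type`, e.g. `(service-extension file-system-service-type (const (list %gdm-file-system)))`, would keep the mitigation attached to the service that needs it, provided the variable is reachable from xorg.scm. The enclosing service list starts and ends outside this hunk.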
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index 0cbd9aa53b..3ff290c197 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -818,27 +818,6 @@ the GNOME desktop environment.")
(home-directory "/var/lib/gdm")
(shell (file-append shadow "/sbin/nologin")))))
-(define %gdm-activation
- ;; Ensure /var/lib/gdm is owned by the "gdm" user. This is normally the
- ;; case but could be wrong if the "gdm" user was created, then removed, and
- ;; then recreated under a different UID/GID: <https://bugs.gnu.org/37423>.
- (with-imported-modules '((guix build utils))
- #~(begin
- (use-modules (guix build utils))
-
- (let* ((gdm (getpwnam "gdm"))
- (uid (passwd:uid gdm))
- (gid (passwd:gid gdm))
- (st (stat "/var/lib/gdm" #f)))
- ;; Recurse into /var/lib/gdm only if it has wrong ownership.
- (when (and st
- (or (not (= uid (stat:uid st)))
- (not (= gid (stat:gid st)))))
- (for-each (lambda (file)
- (chown file uid gid))
- (find-files "/var/lib/gdm"
- #:directories? #t)))))))
-
(define dbus-daemon-wrapper
(program-file
"gdm-dbus-wrapper"
@@ -1022,8 +1001,6 @@ the GNOME desktop environment.")
(extensions
(list (service-extension shepherd-root-service-type
gdm-shepherd-service)
- (service-extension activation-service-type
- (const %gdm-activation))
(service-extension account-service-type
(const %gdm-accounts))
(service-extension pam-root-service-type