Merge lp:~lbssousa/lightdm/guest-account-union-mount-skel into lp:lightdm

Proposed by Laércio de Sousa
Status: Superseded
Proposed branch: lp:~lbssousa/lightdm/guest-account-union-mount-skel
Merge into: lp:lightdm
Diff against target: 107 lines (+62/-5)
1 file modified
debian/guest-account.sh (+62/-5)
To merge this branch: bzr merge lp:~lbssousa/lightdm/guest-account-union-mount-skel
Reviewer: Robert Ancell; Status: Approve
Review via email: mp+273898@code.launchpad.net

This proposal has been superseded by a proposal from 2015-10-13.

Description of the change

This patch proposes an alternative mechanism to customize guest sessions, based on union-mounting /etc/guest-session/skel with the guest home directory, rather than just copying over contents from one to the other.

It *may* make guest logins a bit faster (I've never measured it, however), and it avoids copying large files from /etc/guest-session/skel (e.g. a whole .wine directory) to a limited tmpfs home for guest accounts.

For each guest account created, it wraps /etc/guest-session/skel in a dedicated BindFS mount, so that the account in question will see itself as the owner of that directory's contents. If BindFS is not available, it will fall back directly to the current copy-over method.

If the OverlayFS kernel module is available in the system, use it. However, if only AuFS is available, use it instead. If neither of them is available, fall back to the current copy-over method. If /etc/guest-session/skel is not available, nothing changes: it'll continue copying over from /etc/skel (no union-mounting will be performed in this case).

2198. By Laércio de Sousa

Revert some changes and make a per-user bindfs mount, rather than a shared bindfs mount for all guest accounts. Multi-seat guest logins break if we have a single shared bindfs mount.

2199. By Laércio de Sousa

Fix missing redefinition of PRE_HOME variable.

Robert Ancell (robert-ancell) wrote :

Looks good!

review: Approve
Laércio de Sousa (lbssousa) wrote :

Robert, could you please update this merge with a last-minute patch to add a -r (read-only option) for bindfs mounts? Consider also including packages "bindfs" and "linux-image>=3.18 (to ensure overlayfs is available) | aufs-tools" in "Suggests:" field for lightdm package.

2200. By Laércio de Sousa

Enforce read-only mode for all BindFS mounts to minimize risk of /etc/guest-session/skel corruption.

Robert Ancell (robert-ancell) wrote :

Can you do another MP for these changes? It will be easier as you know the exact changes.

Preview Diff

1=== modified file 'debian/guest-account.sh'
2--- debian/guest-account.sh 2015-01-17 18:18:30 +0000
3+++ debian/guest-account.sh 2015-10-09 19:39:23 +0000
4@@ -22,6 +22,7 @@
5 {
6 HOME=`mktemp -td guest-XXXXXX`
7 USER=`echo $HOME | sed 's/\(.*\)guest/guest/'`
8+ PRE_HOME="/tmp/.pre-${USER}"
9
10 # if $USER already exists, it must be a locked system account with no existing
11 # home directory
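
Review bot: PRE_HOME="/tmp/.pre-${USER}" is a fixed, guessable name in world-writable /tmp, and unlike HOME (created by mktemp -td) nothing guarantees that this script is the one that creates it. The later mkdir "$PRE_HOME" has no error check, so an entry that already exists at that path would be mounted over and chowned to the guest. Since the removal path rebuilds the same name from the user name, the simplest change is to keep the name and abort with cleanup when mkdir fails; a location that only root can write to would remove the problem altogether.
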
12@@ -49,20 +50,72 @@
13 adduser --system --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash $USER || {
14 umount "$HOME"
15 rm -rf "$HOME"
16+ umount "$PRE_HOME"
17+ rm -rf "$PRE_HOME"
18 exit 1
19 }
20 fi
21
22- # create temporary home directory
23- mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; }
24- chown $USER:$USER "$HOME"
25 gs_skel=/etc/guest-session/skel/
26+
27 if [ -d "$gs_skel" ] && [ -n "`find $gs_skel -type f`" ]; then
28- cp -rT $gs_skel "$HOME"
29+ # Only perform union-mounting if BindFS is available
30+ if [ -x /usr/bin/bindfs ]; then
31+ # create temporary home directory
32+ mkdir "$PRE_HOME"
33+ mount -t tmpfs -o mode=700 none "$PRE_HOME" || { rm -rf "$PRE_HOME" "$HOME"; exit 1; }
34+ mkdir ${PRE_HOME}/lower ${PRE_HOME}/upper
35+ chown -R $USER:$USER "$PRE_HOME"
36+
37+ # Wrap ${gs_skel} in a BindFS mount, so that
38+ # guest account will see itself as the owner of ${gs_skel}'s contents.
39+ bindfs -M $USER $gs_skel ${PRE_HOME}/lower || {
40+ rm -rf "$PRE_HOME"
41+ rm -rf "$HOME"
42+ exit 1
43+ }
44+
45+ # Try OverlayFS first
46+ if modinfo -n overlay >/dev/null 2>&1; then
47+ mkdir ${PRE_HOME}/work
48+ chown $USER:$USER ${PRE_HOME}/work
49+ mount -t overlay -o lowerdir=${PRE_HOME}/lower,upperdir=${PRE_HOME}/upper,workdir=${PRE_HOME}/work overlay $HOME || {
50+ umount ${PRE_HOME}/lower
51+ umount "$PRE_HOME"
52+ rm -rf "$PRE_HOME"
53+ rm -rf "$HOME"
54+ exit 1
55+ }
56+ # If OverlayFS is not available, try AuFS
57+ elif [ -x /sbin/mount.aufs ]; then
58+ mount -t aufs -o br=${PRE_HOME}/upper:${PRE_HOME}/lower none $HOME || {
59+ umount ${PRE_HOME}/lower
60+ umount "$PRE_HOME"
61+ rm -rf "$PRE_HOME"
62+ rm -rf "$HOME"
63+ exit 1
64+ }
65+ # If none of them is available, fall back to copy over
66+ else
67+ umount ${PRE_HOME}/lower
68+ umount "$PRE_HOME"
69+ rm -rf "$PRE_HOME"
70+ mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; }
71+ cp -rT $gs_skel "$HOME"
72+ chown -R $USER:$USER "$HOME"
73+ fi
74+ # If BindFS is not available, just fall back to copy over
75+ else
76+ mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; }
77+ cp -rT $gs_skel "$HOME"
78+ chown -R $USER:$USER "$HOME"
79+ fi
80 else
81+ mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; }
82 cp -rT /etc/skel/ "$HOME"
83+ chown -R $USER:$USER "$HOME"
84 fi
85- chown -R $USER:$USER "$HOME"
86+
87 usermod -d "$HOME" "$USER"
88
89 #
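
Review bot: The bindfs call (bindfs -M $USER $gs_skel ${PRE_HOME}/lower) mounts the skeleton read-write inside a directory that was just chowned to the guest, so with -M the guest is presented as owner and writes made through ${PRE_HOME}/lower can land in /etc/guest-session/skel; add -r so the lower layer is read-only, as the follow-up in this thread proposes. In the failure branch of that same call, rm -rf "$PRE_HOME" runs without first unmounting the tmpfs mounted a few lines earlier, whereas the overlay and aufs failure branches call umount "$PRE_HOME" before removing it. The new ${PRE_HOME}/... and $HOME arguments are also unquoted where the surrounding script quotes them.
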
90@@ -127,6 +180,7 @@
91 }
92 GUEST_UID=`echo "$PWENT" | cut -f3 -d:`
93 GUEST_HOME=`echo "$PWENT" | cut -f6 -d:`
94+ GUEST_PRE_HOME=/tmp/.pre-$GUEST_USER
95
96 if [ "$GUEST_UID" -ge 500 ]; then
97 echo "Error: user $GUEST_USER is not a system user."
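
Review bot: GUEST_PRE_HOME=/tmp/.pre-$GUEST_USER rebuilds the path from the naming convention instead of sharing it with the PRE_HOME definition in the first hunk, so a change to one side leaves the cleanup missing the mounts or pointing rm -rf at a different path. Define the prefix once near the top of the script and use it in both places, and quote the assignment like the other paths here.
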
98@@ -146,6 +200,9 @@
99
100 umount "$GUEST_HOME" || umount -l "$GUEST_HOME" || true
101 rm -rf "$GUEST_HOME"
102+ umount ${GUEST_PRE_HOME}/lower || umount -l ${GUEST_PRE_HOME}/lower || true
103+ umount "$GUEST_PRE_HOME" || umount -l "$GUEST_PRE_HOME" || true
104+ rm -rf "$GUEST_PRE_HOME"
105
106 # remove leftovers in /tmp
107 find /tmp -mindepth 1 -maxdepth 1 -uid "$GUEST_UID" -print0 | xargs -0 rm -rf || true
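
Review bot: rm -rf "$GUEST_PRE_HOME" runs even when both umount attempts on ${GUEST_PRE_HOME}/lower have failed, because the trailing || true hides the failure; with the bindfs mount still attached, the recursive delete descends into it and can remove the contents of /etc/guest-session/skel. Confirm that lower is no longer a mount point before deleting (for example with mountpoint -q), or use rm -rf --one-file-system, and quote ${GUEST_PRE_HOME}/lower as on the following line.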
