Light Display Manager

Merge lp:~lbssousa/lightdm/guest-account-union-mount-skel into lp:lightdm

  1. guest-account-union-mount-skel
  2. Merge into trunk
Proposed by Laércio de Sousa
Status: Superseded
Proposed branch: lp:~lbssousa/lightdm/guest-account-union-mount-skel
Merge into: lp:lightdm
Diff against target: 107 lines (+62/-5)
1 file modified
debian/guest-account.sh (+62/-5)
To merge this branch: bzr merge lp:~lbssousa/lightdm/guest-account-union-mount-skel
Reviewer Review Type Date Requested Status
Robert Ancell Approve
Review via email: mp+273898@code.launchpad.net

This proposal has been superseded by a proposal from 2015-10-13.

Description of the change

This patch proposes an alternative mechanism to customize guest sessions, based on union-mounting /etc/guest-session/skel with guest home directory, rather than just copying over contents from one to the other.

It *may* turn guest logins a bit faster (I've never measured it, however), and it avoids copying large files from /etc/guest-session/skel (e.g. a whole .wine directory) to a limited tmpfs home for guest accounts.

For each guest account created, it wraps /etc/guest-session/skel in a dedicated BindFS mount, so that the account in question will see itself as the owner of that directory's contents. If BindFS is not available, it will fall back directly to current copy over method.

If OverlayFS kernel module is available in the system, use it. However, if only AuFS is available, use it instead. If none of them is available, fall back to current copy over method. If /etc/guest-session/skel is not available, nothing changes: it'll continue copying over from /etc/skel (no union-mounting will be performed in this case).

To post a comment you must log in.
lp:~lbssousa/lightdm/guest-account-union-mount-skel updated
2198. By Laércio de Sousa

Revert some changes and make a per-user bindfs mount, rather than a shared bindfs mount for all guest accounts. Multi-seat guest logins break if we have a single shared bindfs mount.

2199. By Laércio de Sousa

Fix missing redefinition of PRE_HOME variable.

Revision history for this message
Robert Ancell (robert-ancell) wrote :

Looks good!

review: Approve
Revision history for this message
Laércio de Sousa (lbssousa) wrote :

Robert, could you please update this merge with a last-minute patch to add a -r (read-only option) for bindfs mounts? Consider also including packages "bindfs" and "linux-image>=3.18 (to ensure overlayfs is available) | aufs-tools" in "Suggests:" field for lightdm package.

lp:~lbssousa/lightdm/guest-account-union-mount-skel updated
2200. By Laércio de Sousa

Enforce read-only mode for all BindFS mounts to minimize risk of /etc/guest-session/skel corruption.

Revision history for this message
Robert Ancell (robert-ancell) wrote :

Can you do another MP for these changes? It will be easier as you know the exact changes.

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'debian/guest-account.sh'
--- debian/guest-account.sh 2015-01-17 18:18:30 +0000
+++ debian/guest-account.sh 2015-10-09 19:39:23 +0000
@@ -22,6 +22,7 @@
22{22{
23 HOME=`mktemp -td guest-XXXXXX`23 HOME=`mktemp -td guest-XXXXXX`
24 USER=`echo $HOME | sed 's/\(.*\)guest/guest/'`24 USER=`echo $HOME | sed 's/\(.*\)guest/guest/'`
25 PRE_HOME="/tmp/.pre-${USER}"
2526
26 # if $USER already exists, it must be a locked system account with no existing27 # if $USER already exists, it must be a locked system account with no existing
27 # home directory28 # home directory
@@ -49,20 +50,72 @@
49 adduser --system --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash $USER || {50 adduser --system --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash $USER || {
50 umount "$HOME"51 umount "$HOME"
51 rm -rf "$HOME"52 rm -rf "$HOME"
53 umount "$PRE_HOME"
54 rm -rf "$PRE_HOME"
52 exit 155 exit 1
53 }56 }
54 fi57 fi
5558
56 # create temporary home directory
57 mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; }
58 chown $USER:$USER "$HOME"
59 gs_skel=/etc/guest-session/skel/59 gs_skel=/etc/guest-session/skel/
60
60 if [ -d "$gs_skel" ] && [ -n "`find $gs_skel -type f`" ]; then61 if [ -d "$gs_skel" ] && [ -n "`find $gs_skel -type f`" ]; then
61 cp -rT $gs_skel "$HOME"62 # Only perform union-mounting if BindFS is available
63 if [ -x /usr/bin/bindfs ]; then
64 # create temporary home directory
65 mkdir "$PRE_HOME"
66 mount -t tmpfs -o mode=700 none "$PRE_HOME" || { rm -rf "$PRE_HOME" "$HOME"; exit 1; }
67 mkdir ${PRE_HOME}/lower ${PRE_HOME}/upper
68 chown -R $USER:$USER "$PRE_HOME"
69
70 # Wrap ${gs_skel} in a BindFS mount, so that
71 # guest account will see itself as the owner of ${gs_skel}'s contents.
72 bindfs -M $USER $gs_skel ${PRE_HOME}/lower || {
73 rm -rf "$PRE_HOME"
74 rm -rf "$HOME"
75 exit 1
76 }
77
78 # Try OverlayFS first
79 if modinfo -n overlay >/dev/null 2>&1; then
80 mkdir ${PRE_HOME}/work
81 chown $USER:$USER ${PRE_HOME}/work
82 mount -t overlay -o lowerdir=${PRE_HOME}/lower,upperdir=${PRE_HOME}/upper,workdir=${PRE_HOME}/work overlay $HOME || {
83 umount ${PRE_HOME}/lower
84 umount "$PRE_HOME"
85 rm -rf "$PRE_HOME"
86 rm -rf "$HOME"
87 exit 1
88 }
89 # If OverlayFS is not available, try AuFS
90 elif [ -x /sbin/mount.aufs ]; then
91 mount -t aufs -o br=${PRE_HOME}/upper:${PRE_HOME}/lower none $HOME || {
92 umount ${PRE_HOME}/lower
93 umount "$PRE_HOME"
94 rm -rf "$PRE_HOME"
95 rm -rf "$HOME"
96 exit 1
97 }
98 # If none of them is available, fall back to copy over
99 else
100 umount ${PRE_HOME}/lower
101 umount "$PRE_HOME"
102 rm -rf "$PRE_HOME"
103 mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; }
104 cp -rT $gs_skel "$HOME"
105 chown -R $USER:$USER "$HOME"
106 fi
107 # If BindFS is not available, just fall back to copy over
108 else
109 mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; }
110 cp -rT $gs_skel "$HOME"
111 chown -R $USER:$USER "$HOME"
112 fi
62 else113 else
114 mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; }
63 cp -rT /etc/skel/ "$HOME"115 cp -rT /etc/skel/ "$HOME"
116 chown -R $USER:$USER "$HOME"
64 fi117 fi
65 chown -R $USER:$USER "$HOME"118
66 usermod -d "$HOME" "$USER"119 usermod -d "$HOME" "$USER"
67120
68 #121 #
@@ -127,6 +180,7 @@
127 }180 }
128 GUEST_UID=`echo "$PWENT" | cut -f3 -d:`181 GUEST_UID=`echo "$PWENT" | cut -f3 -d:`
129 GUEST_HOME=`echo "$PWENT" | cut -f6 -d:`182 GUEST_HOME=`echo "$PWENT" | cut -f6 -d:`
183 GUEST_PRE_HOME=/tmp/.pre-$GUEST_USER
130184
131 if [ "$GUEST_UID" -ge 500 ]; then185 if [ "$GUEST_UID" -ge 500 ]; then
132 echo "Error: user $GUEST_USER is not a system user."186 echo "Error: user $GUEST_USER is not a system user."
@@ -146,6 +200,9 @@
146200
147 umount "$GUEST_HOME" || umount -l "$GUEST_HOME" || true201 umount "$GUEST_HOME" || umount -l "$GUEST_HOME" || true
148 rm -rf "$GUEST_HOME"202 rm -rf "$GUEST_HOME"
203 umount ${GUEST_PRE_HOME}/lower || umount -l ${GUEST_PRE_HOME}/lower || true
204 umount "$GUEST_PRE_HOME" || umount -l "$GUEST_PRE_HOME" || true
205 rm -rf "$GUEST_PRE_HOME"
149206
150 # remove leftovers in /tmp207 # remove leftovers in /tmp
151 find /tmp -mindepth 1 -maxdepth 1 -uid "$GUEST_UID" -print0 | xargs -0 rm -rf || true208 find /tmp -mindepth 1 -maxdepth 1 -uid "$GUEST_UID" -print0 | xargs -0 rm -rf || true

Subscribers

People subscribed via source and target branches