From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id AHhbLADmtWKLdwEAbAwnHQ (envelope-from ) for ; Fri, 24 Jun 2022 18:27:44 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id KNoSLADmtWKqxgAAauVa8A (envelope-from ) for ; Fri, 24 Jun 2022 18:27:44 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 1D16F22352 for ; Fri, 24 Jun 2022 18:27:44 +0200 (CEST) Received: from localhost ([::1]:49284 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1o4m9l-0008Ow-LZ for larch@yhetil.org; Fri, 24 Jun 2022 12:27:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52130) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1o4m6d-00056X-PD for help-guix@gnu.org; Fri, 24 Jun 2022 12:24:28 -0400 Received: from cyberdimension.org ([2001:910:1314:ffff::1]:44778 helo=gnutoo.cyberdimension.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1o4m6b-0007PS-Mj for help-guix@gnu.org; Fri, 24 Jun 2022 12:24:27 -0400 Received: from gnutoo.cyberdimension.org (localhost [127.0.0.1]) by cyberdimension.org (OpenSMTPD) with ESMTP id 909bb50d for ; Fri, 24 Jun 2022 16:15:45 +0000 (UTC) Received: from primarylaptop.localdomain (localhost [::1]) by gnutoo.cyberdimension.org (OpenSMTPD) with ESMTP id 38415848 for ; Fri, 24 Jun 2022 16:15:45 +0000 (UTC) Date: Fri, 24 Jun 2022 18:21:26 +0200 From: Denis 'GNUtoo' Carikli To: GUIX Help Subject: Launching sway from sddm Message-ID: <20220624182126.2e1deb19@primarylaptop.localdomain> X-Mailer: Claws Mail 4.1.0 (GTK 3.24.34; i686-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/GHtMKCNh_.4cN9C6=0eHpvI"; protocol="application/pgp-signature"; micalg=pgp-sha256 Received-SPF: pass client-ip=2001:910:1314:ffff::1; envelope-from=GNUtoo@cyberdimension.org; helo=gnutoo.cyberdimension.org X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1656088064; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=JE03CbHSSxSs622o7t3nA71Yjw+8Ye4vCjckh4aXebo=; b=sP4xHu5y+bti1lgTxBEcxUckfQIzjIgbHImNuqWSm3b2V0e5Cc5eH6Cs5dXz3ftjxDL+lB vzj9EqGnL+HHt+rlohaY6I9KrUrEHsoOWrY1lrPMbEU/PzjansInAg77X3wIdRsn7vwXHf 5QLZlKRe8ANCG5Jp94lrni/ndKb7v8ield7T9oaVkkJGLgbit3XlFocwV2dEe/Dht7lVfn D/nHHtHOEwRYGZ6rs+dw2iRPbPBoCnS7rcftVH+Qgq1xN3EX2M9zMIGNNVRbEb9gJaH+4j q7tRWcyHxYjqZCLIJuBaGNYmIT8Byu9mwwfkwgHkwEBE3KZS8jPRvapoesYUwA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1656088064; a=rsa-sha256; cv=none; b=jpo31RCgVlcM7+lxxAEQMOcoxQSCOmvec1gMMwpGTJmtgPupBW5QQ/reeYy3XsS4OgzUT0 ERj9AN5Jg842uiNwRpZdVwV0YQqXfTHUPq85gjzdYxNpomFRnHhL/QizuTgwa3cY4rUZyN TrCpkwCOi6jASjXUzqIHSoXW6qy/sS3rynwMPTbix+u0h46XZY22GjcSspftP0z/KanD8H fwLfW9Bp89IsvVC6Ufi1TKOrvj8Rm9OeR5sArby6Entd2yjHv9VGRensq423XmJfb3Xvut xuHSHsSWsUyYw5X6zLz/dGuog7uqZOvZWS8olwjaaLyVi/+CTjDMVqgtyUzVEg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -5.36 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 1D16F22352 X-Spam-Score: -5.36 X-Migadu-Scanner: scn0.migadu.com X-TUID: 7y211o27dqNx --Sig_/GHtMKCNh_.4cN9C6=0eHpvI Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hi, I've installed Guix system i686 to a partition of my computer, and I'd really like to be able to launch sway from something else than a tty to reduce the attack surface. If I launch sway from a tty, if either sway or swaylock[2] crashes, and that the computer is left unattended (for a short moment), it would then leave a shell open for potential attackers. With a display manager, the attack surface is reduced to only swaylock, which is much better. Sway seems to work fine on x86_64 with gdm. But gdm is not available anymore on i686[1]. So making sway work with sddm looks like a good approach to me. So I've used the following sddm configuration: > (service sddm-service-type > (sddm-configuration (display-server "wayland"))) And my user is declared like that: > (user-account > (name "gnutoo") > (uid 1000) > (group "gnutoo") > (supplementary-groups '("audio" "netdev" "users" "video" "wheel"))) And with seatd configured in this way: > (service seatd-service-type (seatd-configuration)) Or in this way: > (service seatd-service-type > (seatd-configuration > (user "gnutoo") > (group "gnutoo"))) or with elogind declared in this way: > (elogind-service) Then once I login, the mouse pointer becomes a X like with the one in Xorg -retro, and sway is never launched, but I can still go back in a tty if I want. And .local/share/sddm/wayland-session.log appears with the following content: > XDG_RUNTIME_DIR is not set in the environment. Aborting. With the following instead: > (service sddm-service-type > (sddm-configuration (display-server "x11"))) Then the display freezes and I can't go in a console anymore once I tried to login in sddm. I still managed to make it work manually in a strange way: I make sddm use either elogind or seatd in my system.scm and then I would manually login through a tty and become root and run seatd -u gnutoo -g gnutoo, and once done, I can login in sway though sddm. Before the seatd service was merged in Guix I managed to add a very basic seatd service with no dependency, and having elogind + this seatd service also worked. Now the merged seatd has dependencies and we end up with the following error when adding both: > guix system: error: service 'file-system-/sys/fs/cgroup' provided > more than once And according to people on #guix on liberachat, elogind and seatd aren't supposed to be launched at the same time, so something looks strange here. I'm a bit lost here on what to do as I'm not familiar with elogind, seatd, or even sddm. Questions: ---------- - Is Xorg launched by SDDM? does it does it because sway fails? - Where is XDG_RUNTIME_DIR supposed to be set? And in general does someone has pointers on which direction to try to look to debug that issue (to be able to get it fixed at some point)? References: ----------- [1]GDM now depends on rust, and bootstraping rust requires more than 3GiB of memory. And with an i686 userspace and kernel, we have 3GiB of memory per process maximum, and with an x86_64 kernel and an i686 rootfs we have 4GiB of memory per process maximum. At some point I managed to compile it under 4GiB but not yet under 3GiB. [2]To launch swaylock I simply copied swaylock to ./ and I used chmod and chown to set ./swaylock setuid root, and then it would work fine. Denis. --Sig_/GHtMKCNh_.4cN9C6=0eHpvI Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEeC+d2+Nrp/PU3kkGX138wUF34mMFAmK15IcACgkQX138wUF3 4mNP/A//YYOT3tRmYAtl5SSpETgPymDmeYFxrRhii0XuqkoQ4As+W/60vMKfzS1H wHUZ7I5GJhaSQCgMt0baUtEmAfwjy/h8Fsu8ZIggCaX58WhyPebzQBCc9exlG5jw Ko+iKC8DiG9j42PE2r8zLJgK8iKcTeN5cPV6Rq+2DMadjg1V7MsucUmzJWYvE2Ig Ks3nIaUNbreH2JYxlbP7MUTPPDphI1//7wbz9gF9gJPntG9g9IIU78J49q0EwerR QxeZz2PAxFGSLs8H7Ub7UhdGFUI0JCoSvGlQQZx3kw+3IMPIsEdi3NprDh2ZUKb+ idxNnfXichPeY9LciGGmciJbyL7tXPoF1juPXJXDbnJ9+YqqGeYxPms5Qts+WFzL 3PdZVPF0CG3bVvBBiF1p48x3RqDXbHGBAszLATRSH67FZm0lDQUZgvIrlt7h3Fo8 Io4CR8hcVi3n7LD1Wi0+R9pS+60Q07jxsk68Gc26/VansCkdFtwS4pDduLyaGZTD vO8ujeuyFTfSknp8xeopHZVD/65L6clxLzcBUzMz1RrRFlk3GfJ7V4V72jRC7CKo SE+cPY57cl2ck3NNF6Wumt/pEINNaH8hb/FMZ68PAw1LIYgf7NBdC0xniRzPGCUQ 5JoF24AMvjUngfawHPrKvdbHbJla4YLKiJZgFkObKVFNAersOgU= =RA0w -----END PGP SIGNATURE----- --Sig_/GHtMKCNh_.4cN9C6=0eHpvI--