From: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
To: GUIX Help <help-guix@gnu.org>
Subject: Launching sway from sddm
Date: Fri, 24 Jun 2022 18:21:26 +0200
Message-ID: <20220624182126.2e1deb19@primarylaptop.localdomain>
Hi,
I've installed Guix system i686 to a partition of my computer, and I'd
really like to be able to launch sway from something else than a tty to
reduce the attack surface.
If I launch sway from a tty, if either sway or swaylock[2] crashes, and
the computer is left unattended (for a short moment), it would
then leave a shell open for potential attackers.
With a display manager, the attack surface is reduced to only swaylock,
which is much better.
Sway seems to work fine on x86_64 with gdm. But gdm is not available
anymore on i686[1].
So making sway work with sddm looks like a good approach to me.
So I've used the following sddm configuration:
> (service sddm-service-type
>          (sddm-configuration (display-server "wayland")))
And my user is declared like that:
> (user-account
>   (name "gnutoo")
>   (uid 1000)
>   (group "gnutoo")
>   (supplementary-groups '("audio" "netdev" "users" "video" "wheel")))
And with seatd configured in this way:
> (service seatd-service-type (seatd-configuration))
Or in this way:
> (service seatd-service-type
>          (seatd-configuration
>            (user "gnutoo")
>            (group "gnutoo")))
or with elogind declared in this way:
> (elogind-service)
Then once I log in, the mouse pointer becomes an X like the one in
Xorg -retro, and sway is never launched, but I can still go back in a
tty if I want.
And .local/share/sddm/wayland-session.log appears with the following
content:
> XDG_RUNTIME_DIR is not set in the environment. Aborting.
With the following instead:
> (service sddm-service-type
>          (sddm-configuration (display-server "x11")))
Then the display freezes and I can't go in a console anymore once I
tried to log in in sddm.
I still managed to make it work manually in a strange way: I make sddm
use either elogind or seatd in my system.scm and then I would manually
log in through a tty and become root and run
seatd -u gnutoo -g gnutoo, and once done, I can log in to sway through sddm.
Before the seatd service was merged in Guix I managed to add a very
basic seatd service with no dependency, and having elogind + this seatd
service also worked. Now the merged seatd has dependencies and we end
up with the following error when adding both:
> guix system: error: service 'file-system-/sys/fs/cgroup' provided
> more than once
And according to people on #guix on liberachat, elogind and seatd aren't
supposed to be launched at the same time, so something looks strange
here.
I'm a bit lost here on what to do as I'm not familiar with elogind,
seatd, or even sddm.
Questions:
----------
- Is Xorg launched by SDDM? Does it do that because sway fails?
- Where is XDG_RUNTIME_DIR supposed to be set?
And in general does someone have pointers on which direction to try to
look to debug that issue (to be able to get it fixed at some point)?
References:
-----------
[1] GDM now depends on rust, and bootstrapping rust requires more than
    3GiB of memory. And with an i686 userspace and kernel, we have 3GiB
    of memory per process maximum, and with an x86_64 kernel and an i686
    rootfs we have 4GiB of memory per process maximum. At some point I
    managed to compile it under 4GiB but not yet under 3GiB.
[2] To launch swaylock I simply copied swaylock to ./ and I used chmod
    and chown to set ./swaylock setuid root, and then it would work fine.
Denis.
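
A check that can be run from a tty or a session wrapper to see what the message in wayland-session.log refers to, as an added example that is not part of the original message: it verifies that XDG_RUNTIME_DIR is set and that the directory meets the XDG Base Directory specification's requirements (owned by the user, mode 0700). The function name and exit codes are assumptions of this example, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not part of the original message.
# Exit codes are this example's own convention:
#   0 usable, 1 unset, 2 not a directory, 3 wrong owner, 4 mode is not 700
check_runtime_dir() {
    # Audit the directory passed as $1, or $XDG_RUNTIME_DIR when no argument is given.
    dir=${1-${XDG_RUNTIME_DIR-}}
    if [ -z "$dir" ]; then
        # This is the state behind "XDG_RUNTIME_DIR is not set in the environment."
        echo "XDG_RUNTIME_DIR is not set" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir does not exist or is not a directory" >&2
        return 2
    fi
    owner=$(stat -c %u "$dir")   # numeric owner uid (GNU coreutils stat)
    mode=$(stat -c %a "$dir")    # octal permission bits
    if [ "$owner" != "$(id -u)" ]; then
        echo "$dir is owned by uid $owner, not by $(id -u)" >&2
        return 3
    fi
    if [ "$mode" != "700" ]; then
        # Sockets for the compositor and other session services live here,
        # so group/other access exposes them to other local users.
        echo "$dir has mode $mode, expected 700" >&2
        return 4
    fi
    echo "$dir is usable as XDG_RUNTIME_DIR"
    return 0
}

# Check the current session; report the code instead of aborting the shell.
check_runtime_dir || echo "check failed with code $?" >&2
```
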