summary refs log tree commit diff
path: root/gnu/services
diff options
context:
space:
mode:
authormuradm <mail@muradm.net>2022-07-22 07:09:54 +0300
committerLiliana Marie Prikler <liliana.prikler@gmail.com>2022-08-26 18:48:37 +0200
commitd1815a68ea48b0015d1beda423d4b2879d29d9ea (patch)
treefef6b03cfafd1a53b87562f52e5f1b3a161797e1 /gnu/services
parentde2f419618b9929cf65b477568f21bc77e218b70 (diff)
downloadguix-d1815a68ea48b0015d1beda423d4b2879d29d9ea.tar.gz
gnu: seatd-service-type: Use seat group.
* gnu/services/desktop.scm (seatd-group-sanitizer): New variable.
(<seatd-configuration>)[user]: Removed field.
[group]: Changed to "seat".  Sanitize via seatd-group-sanitizer.
(seatd-accounts): New variable.
(seatd-environment): Adjust to <seatd-configuration> ABI.
(seatd-service-type)[extensions]: Add account-service-type with seatd-accounts.
* gnu/tests/desktop.scm (run-minimal-desktop-test): Check for correct
ownership of $SEATD_SOCK.
* doc/guix.texi ("Desktop Services")[seatd-service-type]: Mention that users
may need to become members of the "seat" group.
Update default value for group field.
Add explanation on seatd.sock file.
Remove dropped user field.
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/desktop.scm23
1 files changed, 17 insertions, 6 deletions
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index f891d1b5cc..f60365abac 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -13,7 +13,7 @@
 ;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2020 Reza Alizadeh Majd <r.majd@pantherx.org>
 ;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
-;;; Copyright © 2021 muradm <mail@muradm.net>
+;;; Copyright © 2021, 2022 muradm <mail@muradm.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -69,6 +69,7 @@
   #:use-module (guix records)
   #:use-module (guix packages)
   #:use-module (guix store)
+  #:use-module (guix ui)
   #:use-module (guix utils)
   #:use-module (guix gexp)
   #:use-module (srfi srfi-1)
@@ -1643,12 +1644,19 @@ or setting its password with passwd.")))
 ;;; seatd-service-type -- minimal seat management daemon
 ;;;
 
+(define (seatd-group-sanitizer group-or-name)
+  (match group-or-name
+    ((? user-group? group) group)
+    ((? string? group-name) (user-group (name group-name) (system? #t)))
+    (_ (leave (G_ "seatd: '~a' is not a valid group~%") group-or-name))))
+
 (define-record-type* <seatd-configuration> seatd-configuration
   make-seatd-configuration
   seatd-configuration?
   (seatd seatd-package (default seatd))
-  (user seatd-user (default "root"))
-  (group seatd-group (default "users"))
+  (group seatd-group                    ; string | <user-group>
+         (default "seat")
+         (sanitize seatd-group-sanitizer))
   (socket seatd-socket (default "/run/seatd.sock"))
   (logfile seatd-logfile (default "/var/log/seatd.log"))
   (loglevel seatd-loglevel (default "info")))
@@ -1662,8 +1670,7 @@ or setting its password with passwd.")))
          (provision '(seatd elogind))
          (start #~(make-forkexec-constructor
                    (list #$(file-append (seatd-package config) "/bin/seatd")
-                         "-u" #$(seatd-user config)
-                         "-g" #$(seatd-group config))
+                         "-g" #$(user-group-name (seatd-group config)))
                    #:environment-variables
                    (list (string-append "SEATD_LOGLEVEL="
                                         #$(seatd-loglevel config))
@@ -1672,9 +1679,12 @@ or setting its password with passwd.")))
                    #:log-file #$(seatd-logfile config)))
          (stop #~(make-kill-destructor)))))
 
+(define seatd-accounts
+  (match-lambda (($ <seatd-configuration> _ group) (list group))))
+
 (define seatd-environment
   (match-lambda
-    (($ <seatd-configuration> _ _ _ socket)
+    (($ <seatd-configuration> _ _ socket)
      `(("SEATD_SOCK" . ,socket)))))
 
 (define seatd-service-type
@@ -1685,6 +1695,7 @@ to shared devices (graphics, input), without requiring the
 applications needing access to be root.")
    (extensions
     (list
+     (service-extension account-service-type seatd-accounts)
      (service-extension session-environment-service-type seatd-environment)
      ;; TODO: once cgroups is separate dependency we should not mount it here
      ;; for now it is mounted here, because elogind mounts it