@mhorst00
Last active September 17, 2024 18:37
Systemd-homed on OpenSUSE Aeon

Setting up systemd-homed on OpenSUSE Aeon

  1. Set up PAM correctly:
sudo pam-config -a --systemd_home
  2. Enable systemd-homed.service on boot:
sudo systemctl enable --now systemd-homed
  3. Enable the dm-crypt kernel module for loading on boot and insert it now:
echo "dm-crypt" | sudo tee /etc/modules-load.d/dm-crypt.conf && sudo modprobe dm-crypt
  4. Temporarily set SELinux to permissive for debugging:
sudo setenforce permissive
  5. Create a new systemd-homed user (just for testing, not for daily use!):
homectl create testuser
  6. Log out of your user account and try to log in to the new homed user from GDM. You will need to enter the username manually with the option "not listed". Afterwards, log back in to your regular user account.
  7. Gather the SELinux violations to create a custom policy (you can add -w to add explanations for each violation):
sudo audit2allow -b >> somefilename.txt
  8. Create your own custom module out of the gathered violations:
sudo audit2allow -i somefilename.txt -M homed
  9. Insert your custom module:
sudo semodule -i homed.pp
  10. Re-enable SELinux:
sudo setenforce enforcing
  11. Reboot your system and you should be able to use systemd-homed just fine. GDM will also remember a manually entered user after the first time. To migrate an existing user into homed, follow this guide: https://systemd.io/CONVERTING_TO_HOMED/
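As an added example (not the gist author's script), the steps above collected into a POSIX shell script that defaults to a dry run: a prepare stage covers steps 1 to 5, a policy stage covers steps 7 to 11 and is run after the manual GDM login, and a review pass flags rules in the audit2allow-generated homed.te that deserve a look before semodule loads the module. Assumptions: ausearch(8) and audit2allow(1) are installed, the script uses the `ausearch -m avc -ts boot | audit2allow -M homed` pipe documented in the audit2allow manual instead of the gist's intermediate text file, and the review heuristics and the sample .te used for self-testing are constructed rather than taken from a real homed denial log.

```shell
#!/bin/sh
# Added example, not the gist author's script: the gist's steps as shell
# functions with a DRY_RUN switch, plus a review pass over the audit2allow
# output before it is loaded with semodule. Assumptions: ausearch(8) and
# audit2allow(1) are installed; the "ausearch | audit2allow -M" pipe is the
# form documented in audit2allow(1), used here instead of the gist's
# intermediate text file. The GDM test login (step 6) stays manual.
set -eu

DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands; set DRY_RUN=0 to apply

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'would run: %s\n' "$*"
    else
        "$@"
    fi
}

# Steps 1-3: PAM stack, the homed service, and the dm-crypt module.
homed_enable_base() {
    run sudo pam-config -a --systemd_home
    run sudo systemctl enable --now systemd-homed
    run sudo sh -c 'echo dm-crypt > /etc/modules-load.d/dm-crypt.conf'
    run sudo modprobe dm-crypt
}

# Steps 4-5: permissive mode for the test login, and a throwaway homed user.
homed_prepare_test_login() {
    run sudo setenforce permissive
    run homectl create testuser
}

# Review an audit2allow-generated .te before loading it. Prints every line that
# deserves a second look and returns 1 if any were found, 0 for a clean file.
# Heuristic (assumption, tune for your policy): denials that audit2allow marks
# as coverable by a boolean belong in setsebool, not in a custom module; rules
# that touch unconfined or unlabeled types are broader than homed needs.
review_te() {
    rc=0
    if grep -n 'can be allowed using the boolean' "$1"; then rc=1; fi
    if grep -nE '^allow .*(unconfined_t|unlabeled_t)' "$1"; then rc=1; fi
    return "$rc"
}

# Steps 7-9: build the module from the AVC denials logged since boot, stop if
# the review flags anything, otherwise load it.
homed_build_selinux_module() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'would run: sudo ausearch -m avc -ts boot | audit2allow -M homed\n'
        return 0
    fi
    sudo ausearch -m avc -ts boot | audit2allow -M homed
    if ! review_te homed.te; then
        echo 'homed.te needs manual review before semodule -i homed.pp' >&2
        return 1
    fi
    sudo semodule -i homed.pp
}

# Steps 10-11: back to enforcing; the reboot is left to the operator.
homed_finish() {
    run sudo setenforce enforcing
    echo 'Reboot now, then log in to the homed user from GDM to confirm.'
}

# Constructed sample of audit2allow output for exercising review_te (not real
# denials from a homed setup). Writes it to a temp file and prints the path.
sample_te_path() {
    f="$(mktemp)"
    cat >"$f" <<'EOF'
module homed 1.0;

require {
    type systemd_homed_t;
    type unconfined_t;
    class file { read write };
}

#============= systemd_homed_t ==============

#!!!! This avc can be allowed using the boolean 'example_boolean'
allow systemd_homed_t unconfined_t:file { read write };
EOF
    printf '%s\n' "$f"
}

# Entry point: "prepare" runs steps 1-5, "policy" runs steps 7-11 after the
# manual GDM login. Only acts when a stage is named, so sourcing the file is safe.
if [ "$#" -gt 0 ]; then
    case "$1" in
        prepare) homed_enable_base; homed_prepare_test_login ;;
        policy)  homed_build_selinux_module; homed_finish ;;
        *) echo "usage: $0 prepare|policy" >&2; exit 2 ;;
    esac
fi
```

Run `sh homed-setup.sh prepare` first to see the commands, then `DRY_RUN=0 sh homed-setup.sh prepare`, do the GDM test login, and finish with `DRY_RUN=0 sh homed-setup.sh policy`. The policy stage refuses to load homed.pp while review_te prints findings; a denial that audit2allow reports as coverable by a boolean is better handled with setsebool than with a custom allow rule.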

Additional notes

Emergency troubleshooting

Since all of this is experimental and not fully tested at all, set a root password with sudo passwd root or set up another non-homed user with sudo privileges. Then you can log in to an emergency shell from GDM (Alt+Shift+F2) and fix any occurring errors. This is especially helpful if your SELinux policy did not contain all the needed rules at once and you cannot log in.

Podman

Podman is a little bit special regarding sub-UIDs and sub-GIDs. You will need to fix those manually as described here: https://rootlesscontaine.rs/getting-started/common/subuid/#advanced-information

References

  1. https://systemd.io/CONVERTING_TO_HOMED/
  2. https://systemd.io/HOME_DIRECTORY/
  3. https://systemd.io/UIDS-GIDS/
  4. https://www.freedesktop.org/software/systemd/man/latest/userdbctl.html
  5. https://www.freedesktop.org/software/systemd/man/latest/homectl.html
  6. https://www.freedesktop.org/software/systemd/man/latest/systemd-homed.service.html
  7. https://www.freedesktop.org/software/systemd/man/latest/pam_systemd_home.html
  8. https://www.freedesktop.org/software/systemd/man/latest/homed.conf.html