Ensure that login profile data is ephemeral

session_manager_setup.sh

Index: session_manager_setup.sh
diff --git a/session_manager_setup.sh b/session_manager_setup.sh
index 7ff0e3f5ff007d92d06858b4f43d36f955689869..2e9f2642f3197e2ee7c104f290970eb9af453217 100644
--- a/session_manager_setup.sh
+++ b/session_manager_setup.sh
@@ -21,6 +21,7 @@ ${XAUTH} -q -f ${XAUTH_FILE} add :0 . ${MCOOKIE}
 
 export USER=chronos
 export DATA_DIR=/home/${USER}
+export LOGIN_PROFILE_DIR=${DATA_DIR}/Default
 export LOGNAME=${USER}
 export SHELL=/bin/bash
 export HOME=${DATA_DIR}/user
@@ -36,6 +37,16 @@ mkdir -p ${HOME} && chown ${USER}:${USER} ${HOME}
 ${XAUTH} -q -f ${XAUTH_FILE} add :0 . ${MCOOKIE} && \
   chown ${USER}:${USER} ${XAUTH_FILE}
 
+# Disallow the login profile from having persistent data until
+# http://code.google.com/p/chromium-os/issues/detail?id=1967 is resolved.
+if mount | grep -q "${LOGIN_PROFILE_DIR} "; then
+  umount -f ${LOGIN_PROFILE_DIR}
+fi
+rm -rf ${LOGIN_PROFILE_DIR}
+mkdir -p ${LOGIN_PROFILE_DIR}
+mount -n -t tmpfs -onodev,noexec,nosuid loginprofile ${LOGIN_PROFILE_DIR}
+chown ${USER}:${USER} ${LOGIN_PROFILE_DIR}
+
 # temporary hack to tell cryptohome that we're doing chrome-login
 touch /tmp/doing-chrome-login