Bug#765854: ecryptfs-utils: Private directory not automatically unmounted anymore on logout
Julian Andres Klode
jak at debian.org
Sat Oct 18 20:13:05 BST 2014
(adding pkg-systemd-maintainers at lists.alioth.debian.org to CC)
On Sat, Oct 18, 2014 at 08:31:38PM +0200, Julian Andres Klode wrote:
> Package: ecryptfs-utils
> Version: 103-3+b1
> Severity: important
> Tags: security
>
> Previously, a Private directory was automatically unmounted on logout. This
> does not happen anymore. One problem could be that the systemd user instance
> is not bound to logins and will most likely only exit after the last login,
> leaving a process running as that user, and thus causing ecryptfs-utils to
> think the user is still active.
>
> This is a regression from wheezy as far as I am aware.
>
So the reason appears to be that systemd keeps another PAM session around for
running its (sd-pam) and systemd --user processes, causing ecryptfs-umount-private
to think one session is still remaining. This means we have to run
ecryptfs-umount-private before exiting the systemd --user session.
The following user unit does this (called it ecryptfs-umount-private.service),
but I'm not sure if that's the best solution, if something in there is broken,
or how to correctly install that globally.

-- ecryptfs-umount-private.service:
[Unit]
Description=Umount Private directory
Before=systemd-exit.service
DefaultDependencies=no
Requires=shutdown.target
After=shutdown.target

[Service]
Type=oneshot
ExecStart=/usr/bin/ecryptfs-umount-private

[Install]
WantedBy=exit.target

--
Julian Andres Klode - Debian Developer, Ubuntu Member
See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
Be friendly, do not top-post, and follow RFC 1855 "Netiquette".
- If you don't I might ignore you.
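
A check for the condition described in this thread, as an added example that is not part of the original message or of ecryptfs-utils: it reports eCryptfs mounts that are still present although the owning user's only remaining processes are `systemd --user` and `(sd-pam)`. The mount table, process listing and home directory map are constructed sample data, and the function names are hypothetical.

```python
import re

# Processes the message names as outliving the login: "systemd --user" and "(sd-pam)".
LEFTOVER = re.compile(r"^(\S*/)?systemd --user$|^\(sd-pam\)$")

def unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal (\040 etc.).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def ecryptfs_mounts(mounts_text):
    """Mount points (second field) of entries whose filesystem type is ecryptfs."""
    rows = (line.split() for line in mounts_text.splitlines())
    return [unescape(f[1]) for f in rows if len(f) >= 3 and f[2] == "ecryptfs"]

def active_users(ps_text):
    """Users that still run something other than the systemd user manager."""
    users = set()
    for line in ps_text.splitlines():
        user, _, args = line.strip().partition(" ")
        if user and not LEFTOVER.match(args.strip()):
            users.add(user)
    return users

def stale_private_mounts(mounts_text, ps_text, homes):
    """(user, mount point) pairs still mounted although the user has logged out."""
    active = active_users(ps_text)
    stale = []
    for point in ecryptfs_mounts(mounts_text):
        for user, home in homes.items():
            if point.startswith(home.rstrip("/") + "/") and user not in active:
                stale.append((user, point))
    return stale

# Constructed sample data: alice has logged out, bob still has a shell open.
MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/home/alice/.Private /home/alice/Private ecryptfs rw,nosuid,nodev,relatime 0 0
/home/bob/.Private /home/bob/My\\040Private ecryptfs rw,nosuid,nodev,relatime 0 0
"""
PS = """\
alice /lib/systemd/systemd --user
alice (sd-pam)
bob /lib/systemd/systemd --user
bob -bash
"""
HOMES = {"alice": "/home/alice", "bob": "/home/bob"}  # assumed user -> home map

if __name__ == "__main__":
    print(stale_private_mounts(MOUNTS, PS, HOMES))
```

On a live system the two text inputs would come from `/proc/mounts` and a `user args` process listing such as `ps -eo user,args` produces.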