Bug#765854: ecryptfs-utils: Private directory not automatically unmounted anymore on logout

Julian Andres Klode jak at debian.org
Sat Oct 18 19:13:05 UTC 2014


(adding pkg-systemd-maintainers at lists.alioth.debian.org to CC)

On Sat, Oct 18, 2014 at 08:31:38PM +0200, Julian Andres Klode wrote:
> Package: ecryptfs-utils
> Version: 103-3+b1
> Severity: important
> Tags: security
> 
> Previously, a Private directory was automatically unmounted on logout. This
> does not happen anymore. One problem could be that the systemd user instance
> is not bound to logins and will most likely only exit after the last login,
> leaving a process running as that user, and thus causing ecryptfs-utils to
> think the user is still active.
> 
> This is a regression from wheezy as far as I am aware.
> 

So the reason appears to be that systemd keeps another PAM session around for
running its (sd-pam) and systemd --user processes, causing ecryptfs-umount-private
to think one session is still remaining. This means we have to run 
ecryptfs-umount-private before exiting the systemd --user session.

The following user unit does this (called it ecryptfs-umount-private.service),
but I'm not sure if that's the best solution, if something in there is broken,
or how to correctly install that globally.

-- ecryptfs-umount-private.service:

[Unit]
Description=Umount Private directory
Before=systemd-exit.service
DefaultDependencies=no
Requires=shutdown.target
After=shutdown.target

[Service]
Type=oneshot
ExecStart=/usr/bin/ecryptfs-umount-private

[Install]
WantedBy=exit.target

-- 
Julian Andres Klode  - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.

Be friendly, do not top-post, and follow RFC 1855 "Netiquette".
    - If you don't I might ignore you.



More information about the Pkg-systemd-maintainers mailing list