Bug#765854: ecryptfs-utils: Private directory not automatically unmounted anymore on logout
Julian Andres Klode
jak at debian.org
Sun Jan 8 18:13:24 GMT 2017
On Sun, Jan 08, 2017 at 04:58:35PM +0100, László Böszörményi (GCS) wrote:
> Hi Julian,
>
> On Fri, Jan 6, 2017 at 3:06 PM, Julian Andres Klode <jak at debian.org> wrote:
> > Second ping, more than 2 years later.
> >
> > Seriously, that's more than 2 years old now, with a simple workaround, and
> > security implications (private data remaining accessible after logout).
> Sure, I don't know how it was flying under my radar. :( Updated the
> package[1], but seems still failing to umount. Going to check it
> again, but may you check it as well?
Two points:
(1) Seems you install to lib/systemd/system - but the service would have to be
in lib/systemd/user to work (it's a user service)
(2) We found out on IRC later yesterday that the cause for this is that
pam_ecryptfs is in common-auth and common-session. The systemd
--user instance runs with the systemd-user pam configuration, which
only includes common-account and common-session-noninteractive
So while my workaround definitely works a more correct solution might
be to adjust the pam config and add ecryptfs to common-session-noninteractive
as well?
I'm not sure why there is a common-session-noninteractive and a
common-session - the latter is supposedly for both interactive
and non-interactive sessions, but not included by the former...
--
Debian Developer - deb.li/jak | jak-linux.org - free software dev
| Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline'). Thank you.
More information about the Pkg-systemd-maintainers
mailing list