[Bug 1470030] Re: "gpg-agent --daemon" stays after login, causing ecryptfs to not get unmounted
Max
1470030 at bugs.launchpad.net
Tue Jan 3 04:25:22 UTC 2017
It seems that gpg-agent is not the only thing that prevents
the encrypted directory from being unmounted. I suspect
that systemd running as PID 1 (init) kills systemd --user
while it is preparing to unmount the home directory.
Some observations.
At first I disabled gpg-agent in ~/.gnupg/gpg.conf file.
It did not help. I tried to log in from tty to avoid
complications with display manager and session.d files.
I faced quite strange behavior: the ecryptfs directory
was unmounted only on every second logout. On every odd
login the mount count in /dev/shm is 2; on every even
login there is no file in /dev/shm and the user keyring
is empty (keyctl list @u).
Then I rebuilt the ecryptfs-utils package with more
syslog calls added to src/pam_ecryptfs/pam_ecryptfs.c:private_dir().
I am not completely sure, but it looks like
systemd --user gets killed while running pam modules.
I see log messages that private_dir() is invoked
but it is not finished. Log messages are lost,
the point when it happens is random
(e.g. before or after fork).
The next message in the logs is
systemd[1]: Stopped User Manager for UID 1007.
umount.ecryptfs_private is not executed for systemd --user,
however it decreases mount count while launched on shutdown
of the login process.
It seems that systemd --user process is not a problem per se
since the mount counter in /dev/shm works.
I am unsure if the keys are cleared at the proper moment
since it leads to funny umount cycle.
The challenge is to properly stop gpg-agent and let
pam complete its close session hooks when it is invoked
from the user's systemd process.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1470030
Title:
"gpg-agent --daemon" stays after login, causing ecryptfs to not get
unmounted
Status in eCryptfs:
Confirmed
Status in gnupg2 package in Ubuntu:
Confirmed
Status in ecryptfs-utils package in Debian:
New
Bug description:
Tested:
(ok) Xubuntu 14 LTS - 14.04.2 - desktop amd64
(bug) Ubuntu GNOME 15.04 - desktop i386
(bug) Ubuntu MATE 15.04 - desktop i386
(bug) Lubuntu 15.04 - desktop i386
(bug) Xubuntu 16.04 (fully upgraded on 2016-04-03T10:56:53+02:00) - amd64
How do I test:
Installation - default with option to encrypt Home folder during
installation
I shut down the machine. Start it.
If I first log in as root, root cannot see my user's HOME
folder/files; they are encrypted.
* However, what happens on Ubuntu 15.04 and 16.04 (bug):
If I log in as my user, check files, then log off fully, and eventually
log in as root, root can see my user's files because
/home/_user_/.Private is still mounted.
* What happens on Xubuntu 14.04 (expected behaviour):
If I log in as my user, then I log off, and eventually log in as root,
root CANNOT read my user's home dir/files.
I can replicate this very easily and with no problem. I really
appreciate everyone's opinion and expert words. Thank you!
To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/1470030/+subscriptions
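
The manual test in the bug description (log in, log off, check as root whether the user's files are still readable) can be turned into a check over /proc/mounts. The script below is an added example, not part of the bug report or of ecryptfs-utils; the function names and sample data are constructed, and it assumes the eCryptfs mount point lies under /home/<user>.

```shell
#!/bin/sh
# Added example: report eCryptfs mounts whose owner has no login session.
# Assumption: the mount point is the user's home (or a directory below it),
# so the owner is taken from the path component after /home/.

# stale_ecryptfs_mounts MOUNTS_FILE "ACTIVE USERS"
# Prints "user mountpoint" for every ecryptfs mount whose user is not active.
stale_ecryptfs_mounts() {
    mounts_file=$1
    active=" $2 "
    # /proc/mounts fields: source mountpoint fstype options dump pass
    while read -r _src mnt fstype _rest; do
        [ "$fstype" = "ecryptfs" ] || continue
        case $mnt in
            /home/*) user=${mnt#/home/}; user=${user%%/*} ;;
            *) continue ;;
        esac
        case $active in
            *" $user "*) ;;                        # still logged in: expected
            *) printf '%s %s\n' "$user" "$mnt" ;;  # logged out, still mounted
        esac
    done < "$mounts_file"
}

# Constructed sample in /proc/mounts format (not taken from the bug report).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/home/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime,ecryptfs_cipher=aes 0 0
/home/bob/.Private /home/bob ecryptfs rw,nosuid,nodev,relatime,ecryptfs_cipher=aes 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

# Demo on the sample: bob is logged in, alice has logged out.
tmp=$(mktemp)
sample_mounts > "$tmp"
stale_ecryptfs_mounts "$tmp" "bob root"
rm -f "$tmp"

# Live use as root:
#   stale_ecryptfs_mounts /proc/mounts "$(who | cut -d' ' -f1 | sort -u | tr '\n' ' ')"
#   ps -u alice -o pid,args   # what is still running, e.g. gpg-agent --daemon
```

A user reported here has decrypted files exposed to root after logout; the `ps` line shows which leftover processes (such as `gpg-agent --daemon` or `systemd --user`) belong to that user.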