[Bug 1470030] Re: "gpg-agent --daemon" stays after login, causing ecryptfs to not get unmounted
Max
1470030 at bugs.launchpad.net
Sun Jan 8 05:07:52 UTC 2017
I do not know if I will struggle with the bug further,
so I leave here some more notes.
Systemd does not track the process "(pam-sd)" that calls pam_close_session()
https://github.com/systemd/systemd/blob/v229/src/core/execute.c#L895
Sometimes the process reaches setgroups() or setgid() within private_dir().
http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/view/head:/src/pam_ecryptfs/pam_ecryptfs.c#L370
The result is "Operation not permitted". In other cases it dies earlier.
I am curious if systemd's design allows any non-trivial actions in pam_close_session().
Perhaps the issue may be alleviated by calling mount.ecryptfs_private
from a systemd unit file.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1470030
Title:
"gpg-agent --daemon" stays after login, causing ecryptfs to not get
unmounted
Status in eCryptfs:
Confirmed
Status in gnupg2 package in Ubuntu:
Confirmed
Status in ecryptfs-utils package in Debian:
New
Bug description:
Tested:
(ok) Xubuntu 14 LTS - 14.04.2 - desktop amd64
(bug) Ubuntu GNOME 15.04 - desktop i386
(bug) Ubuntu MATE 15.04 - desktop i386
(bug) Lubuntu 15.04 - desktop i386
(bug) Xubuntu 16.04 (fully upgraded on 2016-04-03T10:56:53+02:00) - amd64
How do I test:
Installation - default with option to encrypt Home folder during
installation
I shut down the machine. Start it.
If I first log in with root, root cannot see my user's HOME
folder/files; they are encrypted.
* However, what happens on Ubuntu 15.04 and 16.04 (bug):
If I log in to my user, check files, then log off fully, eventually
log in with root, root can see my user's files because
/home/_user_/.Private is still mounted.
* What happens on Xubuntu 14.04 (expected behaviour):
If I log in to my user, then I log off, eventually log in with root,
root CANNOT read my user's home dir/files.
I can replicate this very easily and with no problem. I really
appreciate everyone's opinion and expert words. Thank you!
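
A check for the condition described in the bug report (a user's .Private still mounted after logout), as an added example that is not part of the original message or of ecryptfs-utils: it compares the ecryptfs entries in /proc/mounts with the login names reported by `who`. The sample data and all function names are constructed for illustration, and it assumes the lower directory is owned by the mounting user.

```python
import os
import pwd
import re
import subprocess

# Constructed sample data (not from the bug report): alice logged out, bob did not.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/home/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime 0 0
/home/bob/.Private /home/bob ecryptfs rw,nosuid,nodev,relatime 0 0
"""
SAMPLE_WHO = "bob      tty7         2017-01-08 05:00 (:0)\n"

def unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def ecryptfs_mounts(mounts_text):
    """Return (lower_dir, mountpoint) for every ecryptfs entry."""
    rows = (line.split() for line in mounts_text.splitlines())
    return [(unescape(f[0]), unescape(f[1])) for f in rows
            if len(f) >= 3 and f[2] == "ecryptfs"]

def logged_in_users(who_text):
    """The first column of `who` output is the login name."""
    return {line.split()[0] for line in who_text.splitlines() if line.strip()}

def stat_owner(path):
    # Assumption: the lower directory (~/.Private) is owned by the mounting user
    return pwd.getpwuid(os.stat(path).st_uid).pw_name

def stale_mounts(mounts_text, who_text, owner_of=stat_owner):
    """List (owner, mountpoint) for ecryptfs mounts whose owner has no login."""
    active = logged_in_users(who_text)
    owned = ((owner_of(src), mnt) for src, mnt in ecryptfs_mounts(mounts_text))
    return [(owner, mnt) for owner, mnt in owned if owner not in active]

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        mounts = fh.read()
    who = subprocess.run(["who"], capture_output=True, text=True, check=True).stdout
    for owner, mnt in stale_mounts(mounts, who):
        print(f"STALE: {mnt} still mounted, but {owner} has no login session")
```

Run as root after a user has logged off; any STALE line means that user's decrypted home is still readable.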