Package: libpam-mount
Version: 2.20-3+b2
Severity: important
X-Debbugs-Cc: [email protected]
Dear Maintainer,
* What led up to the situation?
I was trying to use libpam_mount to make safer partition for any user
on my systems.
mounting was working after a while, but closing the crypted mapper
cannot be done as it is considered active.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Was effective:
- open crypto device
- mounting crypto mapper on partition (created by the mounting)
- unmounting of user partition
- unmounting of tmpfs
Was ineffective
- closing of crypto device mapper
* What was the outcome of this action?
Closing device mapper was due to being still active. After tests and
check with debug option, i finally
observe that the process systemd --user of the user loging out was
still active when pam_mount try to close the mapper.
* What outcome did you expect instead?
That after activity out for the user, pam_mount succeed closing the
mapper
-- System Information:
Debian Release: 13.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.63+deb13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libpam-mount depends on:
ii libc6 2.41-12+deb13u1
ii libcryptsetup12 2:2.7.5-2
ii libhx32t64 4.26-1
ii libmount1 2.41-5
ii libpam-runtime 1.7.0-5
ii libpam0g 1.7.0-5
ii libpcre2-8-0 10.46-1~deb13u1
ii libssl3t64 3.5.4-1~deb13u2
ii libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2
Versions of packages libpam-mount recommends:
ii libpam-mount-bin 2.20-3+b2
Versions of packages libpam-mount suggests:
ii cifs-utils 2:7.4-1
pn davfs2 <none>
pn fuse <none>
pn hxtools <none>
ii lsof 4.99.4+dfsg-2
ii openssl 3.5.4-1~deb13u2
ii psmisc 23.7-2
pn sshfs <none>
pn xfsprogs <none>
-- Configuration Files:
/etc/security/pam_mount.conf.xml changed:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
See pam_mount.conf(5) for a description.
-->
<pam_mount>
<!-- debug should come before everything else,
since this file is still processed in a single pass
from top-to-bottom -->
<debug enable="1" />
<!-- Volume definitions -->
<volume user="tzacos" pgrp="tzacos" fstype="crypt"
path="/dev/mapper/vg151-tzacos" mountpoint="tzacos_crypt" />
<volume user="tzacos" pgrp="tzacos" fstype="ext4"
path="/dev/mapper/tzacos_crypt" mountpoint="~" options="fsck,relatime" />
<!-- pam_mount parameters: General tunables -->
<lclmount>mount -t %(FSTYPE) -o
X-mount.owner=%(USERUID),X-mount.group=%(USERGID),X-mount.mode=0750 %(VOLUME)
%(MNTPT)</lclmount>
<umount> umount -f --lazy %(MNTPT) /run/user/$(USERUID)</umount>
<cryptmount>cryptsetup luksOpen %(VOLUME) %(MNTPT)</cryptmount>
<cryptumount>cryptsetup --debug luksClose %(MNTPT)</cryptumount>
<!--
<luserconf name=".pam_mount.conf.xml" />
-->
<!-- Note that commenting out mntoptions will give you the defaults.
You will need to explicitly initialize it with the empty string
to reset the defaults to nothing. -->
<mntoptions
allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions deny="suid,dev" />
<!--
<mntoptions deny="suid,dev" />
<mntoptions allow="*" />
<mntoptions deny="*" />
-->
<mntoptions require="nosuid,nodev" />
<!-- requires ofl from hxtools to be present -->
<logout wait="0" hup="yes" term="yes" kill="yes" />
<!-- pam_mount parameters: Volume-related -->
<mkmountpoint enable="1" remove="true" />
</pam_mount>
-- no debconf information
