Okay, fixed this once and for all in r520!

Big thanks to Tyler and Serge for helping find a suitable approach (and
believe me, I have spent several days trying several different
approaches).

So the current fix modifies the setuid umount.ecryptfs_private helper.
We can't do it in umount.ecryptfs, because this runs as root, and root
can't unlink the non-root user's keys (at least not with the existing
implementation). But if we do it in the umount.ecryptfs_private helper,
we can do it as the user before doing the setuid(0) and calling the
unmount. Note that the failure to unlink the keys is a non-fatal error.
A suitable message (and a pointer to how to unlink keys correctly) is
shown on stderr, but the unlink proceeds. Doing this here is quite
nice, as it allows us to use the reference counting code, etc., and only
unlink when there are no other open references to the mount.

This will be released in ecryptfs-utils-85.
** Changed in: ecryptfs
Status: In Progress => Fix Committed
** Changed in: ecryptfs-utils (Ubuntu Natty)
Status: In Progress => Fix Committed
--
https://bugs.launchpad.net/bugs/313812
Title:
umount of ecryptfs does not automatically clear the keyring (can be
mounted by root later)
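The ordering described in the message (unlink the keys as the invoking user, only when no other references are open, warn rather than abort on failure, then run the privileged step) can be sketched as follows. This is an added example, not code from ecryptfs-utils: `teardown`, `demo_umount`, `add_demo_key`, the key description and the use of the process keyring as a disposable stand-in are all assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/keyctl.h>

/* Unlink the "user"-type key described by sig from keyring ring.
 * Returns 0 when the key was found and unlinked, -1 otherwise. */
static int unlink_key(long ring, const char *sig)
{
    long id = syscall(SYS_keyctl, KEYCTL_SEARCH, ring, "user", sig, 0L);
    if (id < 0)
        return -1;
    return syscall(SYS_keyctl, KEYCTL_UNLINK, id, ring) < 0 ? -1 : 0;
}

/* Hypothetical stand-in for the privileged step; a setuid helper would
 * call setuid(0) and then unmount at this point. */
int demo_umount(void) { return 0; }

/* Add a constructed key so the demo has something to remove. */
long add_demo_key(long ring, const char *sig)
{
    return syscall(SYS_add_key, "user", sig, "x", (size_t)1, ring);
}

/* Teardown in the order the message gives. Keys are touched only when
 * open_refs is 0. *failed receives the number of keys that could not be
 * unlinked (non-fatal); the return value is the privileged step's. */
int teardown(long ring, const char **sigs, int n, int open_refs,
             int (*privileged)(void), int *failed)
{
    *failed = 0;
    for (int i = 0; open_refs == 0 && i < n; i++) {
        if (unlink_key(ring, sigs[i]) != 0) {
            fprintf(stderr, "warning: could not unlink key %s\n", sigs[i]);
            (*failed)++;
        }
    }
    return privileged();
}

int main(void)
{
    const char *sigs[] = { "constructed-demo-sig" }; /* constructed value */
    int failed;
    add_demo_key(KEY_SPEC_PROCESS_KEYRING, sigs[0]);
    int rc = teardown(KEY_SPEC_PROCESS_KEYRING, sigs, 1, 0, demo_umount, &failed);
    printf("privileged step rc=%d, keys not unlinked=%d\n", rc, failed);
    return 0;
}
```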