Comment 13 for bug 313812

Dustin Kirkland  (kirkland) wrote : Re: umount of ecryptfs does not automatically clear the keyring (was: ecryptfs can be mounted with any passphrase)

Let me summarize where we're at...

This is complicated because of reference counting. We should never clear these keys if they are in use elsewhere.

We have gone through great pains to handle this counting properly in umount.ecryptfs_private. Thus, we need to leverage that. If, and only if, the umount actually succeeds should we clear these keys.

From my perspective, this can only happen in two places:
 1) pam_ecryptfs, by checking the return code of the umount.ecryptfs_private call
 2) umount.ecryptfs_private, *after* doing the unmount

I'm hoping to get this solved by karmic.

:-Dustin