Let me summarize where we're at...
This is complicated because of reference counting. We should never clear these keys if they are in use elsewhere.
We have gone through great pains to handle this counting properly in umount.ecryptfs_private. Thus, we need to leverage that. If, and only if, the umount actually succeeds should we clear these keys.
From my perspective, this can only happen in two places:
1) pam_ecryptfs, by checking the return code of the umount.ecryptfs_private call
2) umount.ecryptfs_private, *after* doing the unmount
I'm hoping to get this solved by karmic.
:-Dustin