Description of problem: pam_mount fails to unmount and unmap the encrypted home directory partitions when logging off using GDM. I Tried logging off using the shell/ssh and pam_mount succeeded so it is probably an issue related to the combination of GDM and pam_mount. How reproducible: Steps to Reproduce: 1. Follow steps to encrypt home directory partition and attach pam_mount (from http://tredosoft.com/encrypt_home_directory_fedora_9) 2. log in with the user owning an encrypted home partition using GDM 3. log off immediately 4. As root you can still access the encrypted home directory Actual results: pam_mount fails to unmount the encrypted home directory and unmap the encrypted device. Expected results: pam_mount (forces?) unmounting the encrypted home directory and unmaps the encrypted partition Additional info: SELinux is currently in permissive mode . Luks is used for encrypting the home directory. On very rare occasions, manually unmounting the encrypted device shows a "device busy" error. lsof returns with an \n ! Workaround: as root unmount the encrypted partition after logging off by umount /home/guest1 && cryptsetup luksClose _dev_sdc3 If a "device busy" error was encountered unmount by umount -l /home/guest1 && cryptsetup luksClose _dev_sdc3
Created attachment 307263 [details] relevant /log/var/secure messages
Created attachment 307264 [details] relevant /log/var/messages messages
Blame GDM for not having made sure that its subprograms have terminated before calling umount. This does not just concern GDM (but predominantly Gnome and KDE), it actually applies to all programs running in the background and which are not a strict child of <your login program of preference, be it getty,gdm,kdm...> in the process hierarchy. You can use pam_mount >= 0.44 to force killing processes that block unmounting.
pam_mount 0.49 is available for Fedora 9, so you should not have any problems anymore. In case you still have, please leave a comment.