Comment 12 for bug 1470030

Max (m-gorodok) wrote :

I do not know if I will struggle with the bug further,
so I am leaving some more notes here.

Systemd does not track the process "(pam-sd)" that calls pam_close_session()
https://github.com/systemd/systemd/blob/v229/src/core/execute.c#L895

Sometimes the process reaches setgroups() or setgid() within private_dir().
http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/view/head:/src/pam_ecryptfs/pam_ecryptfs.c#L370
The result is "Operation not permitted". In other cases it dies earlier.

I am curious whether systemd's design allows any non-trivial actions in pam_close_session().
Perhaps the issue may be alleviated by calling mount.ecryptfs_private
from a systemd unit file.