I do not know if I will struggle with the bug further, so I leave here some more notes.
Systemd does not track the process "(pam-sd)" that calls pam_close_session() https://github.com/systemd/systemd/blob/v229/src/core/execute.c#L895
Sometimes the process reaches setgroups() or setgid() within private_dir(). http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/view/head:/src/pam_ecryptfs/pam_ecryptfs.c#L370 The result is "Operation not permitted". In other cases it dies earlier.
I am curious if systemd's design allows any non-trivial actions in pam_close_session(). Perhaps the issue may be alleviated by calling mount.ecryptfs_private from a systemd unit file.