pammount not unmounting encrypted home on logout

josh jbuhl_nospam at gmx.net
Sun Mar 25 15:10:28 UTC 2012


Hi,

I have individually LUKS encrypted home dirs on my system which are
mounted at login via pammount. I have one, maybe two problems that I am
unable to track down, and which may be related.

First of all, the encrypted dirs seem to be getting mounted twice when
the user logs in. Here are the relevant lines in df output after login:

/dev/mapper/_dev_sdb1 57690744 20835188 36269436 37% /home/josh
/dev/sdb1 57690744 20835188 36269436 37% /home/josh

Secondly, and most importantly, the encrypted home partitions are not
being completely unmounted on logout. After logout, only one of the
above has been unmounted, df reports:

/dev/mapper/_dev_sdb1 57690744 20835284 36269340 37% /home/josh


This also happens even if lsof doesn't report any open files for the
user (a common cause of having the partition not unmounted, if memory
serves...)


The relevant line in /etc/security/pam_mount.conf.xml is:

<volume user="josh" mountpoint="/home/josh"
path="/dev/disk/by-uuid/967e7b41-b9cc-48f0-94e8-c2c3eb2a4dd0"
fstype="crypt" />

and this is the only reference to mounting this volume, i.e. no other
mounting lines somewhere in fstab or crypttab. I use disk-by-uuid
because udev does not always map the devices to the same letters, so
the disk the above partition is on is not always sdb (also a known
issue, again if memory serves...)

I consider it a serious security problem if the encrypted dirs aren't
automagically unmounted on logout, which at least partially defeats the
whole purpose of having them to begin with.

Any ideas?

cheers,

-j
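
A check for the two symptoms described in the message above, as an added example that is not part of the original post: it flags mountpoints that carry more than one mount and home mounts left behind for users with no login session. The function names, the /home/<user> layout, and the ext4 filesystem type in the constructed sample data are assumptions.

```python
import subprocess
from collections import defaultdict

# Constructed samples in /proc/mounts format, mirroring the df lines in the post.
# The filesystem type (ext4) is a placeholder; the post does not state it.
SAMPLE_AFTER_LOGIN = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mapper/_dev_sdb1 /home/josh ext4 rw,relatime 0 0
/dev/sdb1 /home/josh ext4 rw,relatime 0 0
"""
SAMPLE_AFTER_LOGOUT = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mapper/_dev_sdb1 /home/josh ext4 rw,relatime 0 0
"""

def parse_mounts(text):
    """Return (device, mountpoint) pairs from /proc/mounts-style text."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            pairs.append((fields[0], fields[1]))
    return pairs

def duplicate_mountpoints(mounts):
    """Mountpoints listed more than once, with the devices reported on them."""
    by_point = defaultdict(list)
    for device, point in mounts:
        by_point[point].append(device)
    return {p: d for p, d in by_point.items() if len(d) > 1}

def stale_home_mounts(mounts, logged_in, home_root="/home"):
    """(user, device) for mounts at home_root/<user> whose user has no session."""
    stale = []
    for device, point in mounts:
        parent, _, user = point.rpartition("/")
        if parent == home_root and user and user not in logged_in:
            stale.append((user, device))
    return stale

if __name__ == "__main__":
    # Live check: current mounts versus the users `who` reports as logged in.
    with open("/proc/mounts") as fh:
        mounts = parse_mounts(fh.read())
    who = subprocess.run(["who"], capture_output=True, text=True).stdout
    users = {line.split()[0] for line in who.splitlines() if line.split()}
    print("stacked:", duplicate_mountpoints(mounts))
    print("stale:", stale_home_mounts(mounts, users))
```

Run after a logout, a non-empty "stale" list means a decrypted home is still reachable on the system. `who` only reflects utmp login records, so a user with background processes but no login entry is also reported.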



