unbrot/fedora-OEMDRV
1
0
Fork 0
forked from obel1x/fedora-OEMDRV
Code Pull Requests Activity

kwallet: unmount bind mount cleanly on session logout

Browse Source 
Switch kwalletd6-logon from --scope to a transient service with
RemainAfterExit=yes (kwalletd6 forks to background, so the service
must stay active after the main process exits). ExecStop runs
'sudo umount -l' to detach the wallet bind mount before gocryptfs
unmounts ~/data (Before=gocryptfs-home.service ordering).

install.sh adds a per-user sudoers drop-in so the user service
can call umount as root without a password.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Daniel unbrot Pätzold
2026-05-11 11:07:01 +02:00
parent 40843b8295
commit 3429ffa48f
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
client_software/0010_kwallet/install.sh
+8
View File
@@ -125,4 +125,12 @@ if [[ $? -ne 0 ]]; then
exit 1
fi
echo "Done setting up kwallet from secure user folder."
# Sudoers rule so kwalletd6-logon.service ExecStop can unmount the bind mount (needs root)
# Filename must not contain '.' or end in '~' or sudo ignores it
_SUDOUSER_SAFE=$(printf '%s' "${SUDO_USER}" | tr -dc 'a-zA-Z0-9_-')
printf '%s ALL=(root) NOPASSWD: /usr/bin/umount -l %s\n' "${SUDO_USER}" "${WALLETPATH_CFG}" \
> "/etc/sudoers.d/kwallet-umount-${_SUDOUSER_SAFE}"
chmod 440 "/etc/sudoers.d/kwallet-umount-${_SUDOUSER_SAFE}"
exit 0