Date: Tue, 02 Mar 2021 22:58:54 +0100
From: Steffen Nurpmeso
To: Ryan Moeller
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: ee21ee1572d4 - main - openzfs: attach pam_zfs_key to build
Message-ID: <20210302215854.8IaH7%steffen@sdaoden.eu>
In-Reply-To: <202103021227.122CRUDH011301@gitrepo.freebsd.org>
References: <202103021227.122CRUDH011301@gitrepo.freebsd.org>
List-Id: Commit messages for the main branch of the src repository

Ryan Moeller wrote in
<202103021227.122CRUDH011301@gitrepo.freebsd.org>:
...
|URL: https://cgit.FreeBSD.org/src/commit/?id=ee21ee1572d40a3b74f18638dae38c1a9ad1e9e3
|
|commit ee21ee1572d40a3b74f18638dae38c1a9ad1e9e3
|Author:     Greg V
|AuthorDate: 2021-03-02 11:01:14 +0000
|Commit:     Ryan Moeller
|CommitDate: 2021-03-02 12:26:59 +0000
|
|    openzfs: attach pam_zfs_key to build
|
|    This PAM module allows unlocking encrypted user home datasets when
|    logging in (and changing passphrase when changing the account password),
|    see https://github.com/openzfs/zfs/pull/9903
|
|    Also supposed to unload the key when the last session for the user is
|    done, but there are EBUSY issues:
|    https://github.com/openzfs/zfs/issues/11222#issuecomment-731897858

Very interesting. This is "cool" per se.
(Especially on encrypted block devices where a resume requires
a password anyhow. I would not do it like this for myself, but
don't mind this.)

As I could not figure it out, how do you manage a session without
having a supervisor like (please let me say the greedy monster)
systemd? I wrote a pam_xdg module [1] to create the /run/user/PID
of the XDG spec of FreeDesktop (as well as inject the other XDG
path environment variables, optionally), but in the end I had to
strip it down to the absolute core because session handling seemed
impossible. (As in, daemonized scripts and important things like
tmux, they keep on living even after the "session" has ended.)

(In my superficial opinion PAM is a terrible and under-documented
mess, and each and every module is left alone fiddling around with
effective-[gu]id flags, for example, in order to work gracefully
under all circumstances.)

[1] https://git.sdaoden.eu/browse?p=s-toolbox.git;a=blob;f=pam_xdg.c;h=4c121e93ca76d2f53a9de67aa9bc100f639f6a05;hb=HEAD

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)