Find who is holding cryptsetup/LUKS encrypted home (some KDE/X vs common sense madness)

Question

I'm fighting some ridiculous no-so-eeasy to debug case with my cryptsetup/LUKS encrypted home directory.

The setup: I have partition that is dedicated to my user home directory and encrypted with cryptsetup/LUKSv2 (lets call this user "crypted"). The directory is automatically mounted on user logon with pam_mount module and unmounted as soon as last session of this user is closed. This seems to work pretty well even for KDE/Plasma session that is started by SDDM.

Unless another user (lets call it "plane") login into KDE/Plasma session while user with crypted (and mounted) home is still active. If so, pam_mount will fail to unmount crypted home on "crypted" user logout giving me:

(mount.c:72): Device sdaX_dmc is still in use
(mount.c:72): ehd_unload: Device or resource busy
(mount.c:887): unmount of /dev/sdaX failed

cryptsetup close sdaX_dmc will give same error preventing me from freeing the device.

This will last until "plane" user will logout and close KDE/Plasma session. Only then I will be able to close crypted device and login with "crypted" user again.

So, ok, not a problem, I thought and did a try to find who is guilty using lsof while "plane" user is still logged in and "crypted" user attempted logout with unmount failed, but:

lsof | grep '/home/<mountpoint>'
lsof | grep 'sdaX_dmc'

gave me exactly nothing. No process is accessing this directory.

Then I did a try with:

ofl /home/<mountpoint>

with no success.

SDDM itself is not a problem as I'm able to unmount "crypted" user home while SDDM active and after SDDM restart.

Any ideas how to find the process who is accessing/holding some third-party user home directory? Looks like some KDE/Waylan/X11 is in respond.

Answer 1

Finally I found that firejail is responsible for this. More info can be found here.

Answer 2

Have you tried

lsof +D '/home/<mountpoint>'

I get a report that looks like this (giving process and user):

root@OasisMega1:~# lsof +D .
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
      Output information may be incomplete.
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF     NODE NAME
Xorg      1793 root  mem    REG    8,3  1310728 12320774 ./.cache/mesa_shader_cache/index
mate-term 2918 root  cwd    DIR    8,3     4096 12320769 .
mate-term 2918 root  mem    REG    8,3    10974 12323714 ./.config/dconf/user
mate-term 2918 root  mem    REG    8,3        2 12321632 ./.cache/dconf/user
bash      8829 root  cwd    DIR    8,3     4096 12320769 .
lsof      8851 root  cwd    DIR    8,3     4096 12320769 .
lsof      8852 root  cwd    DIR    8,3     4096 12320769 .
root@OasisMega1:~# 

Maybe something you aren't expecting is keeping the device busy.

Similarly, examining the device directly:

lsof `df . | grep '/dev/' | awk '{ print $1 }' `