[Bug] xfce4-screensaver pam not unlocking mount point #360

@Flawm

I'm using Arch Linux & followed the wiki to set up fscrypt. It's great. Now, additionally I've configured a systemd hook to lock my home directory on a sleep call. It works great. Now, waking & logging back in, my mount point remains locked with no changes to the pam structure, which I thought was weird.

I'm using xfce and I noticed the lock screen has its own pam configuration it calls xfce4-screensaver in /etc/pam.d/.

I've tried setting it up to mimic the existing pam-stack but to no avail, and in fact the minimal-reproducible case is this, which is the bare-minimum as mentioned in the docs.

```
auth required pam_unix.so
auth optional pam_fscrypt.so debug

session required pam_unix.so
session optional pam_fscrypt.so debug
```

and it's unfortunately not working with this error:

```
Aug 15 14:45:24 super pam_fscrypt[12965]: Current privs (real, effective): uid=(1000,1000) gid=(1000,1000) groups=[998 1000]
Aug 15 14:45:24 super pam_fscrypt[12965]: Setting euid=1000 egid=1000 groups=[1000 998]
Aug 15 14:45:24 super pam_fscrypt[12965]: Authenticate(map[debug:true]) failed: setting groups: operation not permitted
```

Looking into it a bit, it's coming from here which is simply calling libc here.

I'm guessing it's something to do with the xfce process running as user 1000 and perms not chaining right, but ideally this would just work ™️ like the system-login pam stack via the light-dm greeter service. I think I can (maybe?) get around it with a systemd hook but the issue is that I need the password passed in and this is precisely what pam is for.
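
The log above shows a process that already runs as uid 1000 asking for the same two groups in a different order and getting EPERM. The following is an added example, not part of the original issue and not fscrypt's own code: it reproduces that call and shows one possible guard that skips `setgroups` when the group set is unchanged. `sameGroupSet` and `setGroupsIfNeeded` are hypothetical names.

```go
package main

import (
	"fmt"
	"os"
	"reflect"
	"sort"
	"syscall"
)

// sameGroupSet reports whether a and b list the same GIDs, ignoring order.
func sameGroupSet(a, b []int) bool {
	x := append([]int(nil), a...)
	y := append([]int(nil), b...)
	sort.Ints(x)
	sort.Ints(y)
	return reflect.DeepEqual(x, y)
}

// setGroupsIfNeeded (hypothetical helper) calls set only when target differs
// from current. setgroups(2) requires CAP_SETGID even when the new list is the
// old one reordered, so a caller without that capability must skip the call.
func setGroupsIfNeeded(current, target []int, set func([]int) error) error {
	if sameGroupSet(current, target) {
		return nil
	}
	if err := set(target); err != nil {
		return fmt.Errorf("setting groups: %w", err)
	}
	return nil
}

func main() {
	current, err := os.Getgroups()
	if err != nil {
		panic(err)
	}
	// Constructed target: this process's own groups, reversed, mirroring
	// the [998 1000] -> [1000 998] change in the log above.
	target := make([]int, len(current))
	for i, g := range current {
		target[len(current)-1-i] = g
	}
	fmt.Printf("direct:  %v\n", syscall.Setgroups(target))
	fmt.Printf("guarded: %v\n", setGroupsIfNeeded(current, target, syscall.Setgroups))
}
```

Run as an unprivileged user on Linux, the direct call reports "operation not permitted" while the guarded call returns nil; run as root, both succeed.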
