Description
There is a known issue that keys aren't cleared from the inode cache automatically after the user session is closed. See here
Other issues include the filesystem cache that is not invalidated when the key is unlinked and still lets you see the plaintext filenames.
and here (same author)
Plaintext filenames still appear after detaching the key
That is a kernel issue. The dentries cache is not invalidated when you remove the key and still contains the plaintext filenames.
You must remount the device or force a filesystem cache flush with:
# echo 2 > /proc/sys/vm/drop_caches
During my tests it not only shows filenames as plaintext but their contents too. You can see all keys in the /proc/keys directory. The keyctl show command displays only keys set from the current session.
The actual remedy for this is executing the # sync && echo 2 > /proc/sys/vm/drop_caches command as described above. It may need to be executed as sync && echo 2 | sudo tee /proc/sys/vm/drop_caches in case of insufficient permissions. See here for the available documentation. According to this, executing this command is only a one-off and has no further consequences for the running system.
The only question is, does pam_e4crypt have the capability to take care of this (flushing caches after session close), or do some external tools have to be involved?
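One way to apply the remedy above without changes to pam_e4crypt itself is a small session-close hook run by the stock pam_exec module, which exports PAM_TYPE (open_session, close_session, ...) and PAM_USER to the script it runs. The script below is an added example, not code from pam_e4crypt or its author; the install path /usr/local/sbin/fscrypt-cache-flush.sh and the `session optional pam_exec.so` line are assumed deployment details. It drops the dentry and inode caches (value 2, as in the issue) only when PAM reports close_session, so cached plaintext filenames from the now-unlinked key do not linger; the flush is system-wide and only clears what is cached, it does not touch the key itself.

```shell
#!/bin/sh
# fscrypt-cache-flush.sh: added example, not part of pam_e4crypt.
# Assumed deployment as a pam_exec session hook in /etc/pam.d/<service>:
#   session optional pam_exec.so seteuid /usr/local/sbin/fscrypt-cache-flush.sh
# pam_exec exports PAM_TYPE (open_session / close_session) and PAM_USER.

# Flush only when the session is being closed; every other PAM phase is ignored.
should_flush() {
    case "${1:-}" in
        close_session) return 0 ;;
        *) return 1 ;;
    esac
}

# Drop the dentry and inode caches (sysctl value 2), after syncing dirty data
# so the flush is not delayed. The target path is a parameter so the function
# can be exercised against a scratch file without root.
flush_caches() {
    target="${1:-/proc/sys/vm/drop_caches}"
    sync
    echo 2 > "$target"
}

main() {
    if should_flush "${PAM_TYPE:-}"; then
        flush_caches
        # Leave an audit trail; logger may be absent on minimal systems.
        logger -t fscrypt-cache-flush \
            "dropped dentry/inode caches after close_session for ${PAM_USER:-unknown}" \
            2>/dev/null || true
    fi
}

# Run only when invoked by PAM (PAM_TYPE set), so sourcing the file for
# testing never writes to /proc.
if [ -n "${PAM_TYPE:-}" ]; then
    main
fi
```

Because the hook runs with `seteuid` it has root's write access to /proc/sys/vm/drop_caches, which is what the `sudo tee` variant in the issue works around manually.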