I'm fighting some ridiculous no-so-eeasy to debug case with my cryptsetup/LUKS encrypted home directory.
The setup: I have partition that is dedicated to my user home directory and encrypted with cryptsetup/LUKSv2 (lets call this user "crypted"). The directory is automatically mounted on user logon with pam_mount module and unmounted as soon as last session of this user is closed. This seems to work pretty well even for KDE/Plasma session that is started by SDDM.
Unless another user (lets call it "plane") login into KDE/Plasma session while user with crypted (and mounted) home is still active. If so, pam_mount will fail to unmount crypted home on "crypted" user logout giving me:
(mount.c:72): Device sdaX_dmc is still in use
(mount.c:72): ehd_unload: Device or resource busy
(mount.c:887): unmount of /dev/sdaX failed
cryptsetup close sdaX_dmc will give same error preventing me from freeing the device.
This will last until "plane" user will logout and close KDE/Plasma session. Only then I will be able to close crypted device and login with "crypted" user again.
So, ok, not a problem, I thought and did a try to find who is guilty using lsof while "plane" user is still logged in and "crypted" user attempted logout with unmount failed, but:
lsof | grep '/home/<mountpoint>'
lsof | grep 'sdaX_dmc'
gave me exactly nothing. No process is accessing this directory.
Then I did a try with:
ofl /home/<mountpoint>
with no success.
SDDM itself is not a problem as I'm able to unmount "crypted" user home while SDDM active and after SDDM restart.
Any ideas how to find the process who is accessing/holding some third-party user home directory? Looks like some KDE/Waylan/X11 is in respond.
Finally I found that firejail is responsible for this. More info can be found here.