From 315dab23f2f0fea86f9516e86891950b3f138a8e Mon Sep 17 00:00:00 2001
From: Robert McQueen <rob@endlessos.org>
Date: Wed, 3 Mar 2021 11:34:55 +0000
Subject: [PATCH] pam_fscrypt/config: prioritise over other session modules

Services launched by systemd user sessions on Debian / Ubuntu systems
are often not able to access the home directory, because there is no
guarantee / requirement that pam_fscrypt is sequenced before
pam_systemd.

Although this pam-config mechanism is Debian-specific, the config file
is provided here upstream and unmodified in Debian. Raising the
priority here so that it's always ordered ahead of pam_systemd will
solve issues such as https://github.com/google/fscrypt/issues/270,
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964951 and
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1889416.

After a survey of pam-config files available in Debian bullseye, the
value of 100 was chosen as it appears after most other plugins that
could be involved in more explicit homedir configuration (eg pam_mount
at 128) but before those which seem unlikely to work without a home
directory (eg pam_ssh at 64).
---
 pam_fscrypt/config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pam_fscrypt/config b/pam_fscrypt/config
index d857e3bd..9b2eb8f9 100644
--- a/pam_fscrypt/config
+++ b/pam_fscrypt/config
@@ -1,6 +1,6 @@
 Name: fscrypt PAM passphrase support
 Default: yes
-Priority: 0
+Priority: 100
 Auth-Type: Additional
 Auth-Final:
 	optional	PAM_INSTALL_PATH