umount all user mounts on logout

roles/lmn_kde/tasks/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.debconf:
     name: wireshark-common
     question: wireshark-common/install-setuid
-    value: true
+    value: 'true'
     vtype: boolean
 
 - name: Preseed ttf-mscorefonts-installer

roles/lmn_mount/files/lmn-mounthome.sh

@@ -0,0 +1,3 @@
+if [[ "${UID}" -gt 60000 ]]; then
+	sudo /usr/local/bin/mounthome.sh &
+fi

roles/lmn_mount/tasks/main.yml

@@ -25,8 +25,8 @@
       <volume
         fstype="cifs"
         server="{{ smb_server }}"
-        path="{{ smb_share }}"
-        mountpoint="/lmn/media/%(USER)/.default-school"
+        path="{{ smb_share }}share"
+        mountpoint="/lmn/media/%(USER)/share"
         options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl"
         ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
       </volume>
@@ -78,17 +78,25 @@
     line: KillUserProcesses=yes
     insertafter: '#KillUserProcesses=no'
 
+- name: Umount all user-mounts on logout
+  blockinfile:
+    dest: /usr/share/sddm/scripts/Xstop
+    block: |
+      for i in $(mount | /usr/bin/grep "/lmn/media/" | /usr/bin/cut -f 3 -d ' '); do
+        umount $i
+      done
+      umount /srv/samba/schools/default-school
+
 - name: Deploy script to generate links in /lmn/media/$USER/
   copy:
-    src: lmn-linkhome.sh
+    src: lmn-mounthome.sh
     dest: /etc/profile.d/
     mode: '0644'
-  when: false
 
 - name: Bind mount lmn/media with nosuid directory
   ansible.posix.mount:
     src: /lmn/media
-    path: /lmn/nosuidmedia
+    path: /lmn/media
     opts: nosuid,bind
     state: present
     fstype: none

roles/lmn_vm/files/mounthome.sh

@@ -5,17 +5,24 @@ home="$(getent passwd "$SUDO_UID" | cut -d : -f 6 | sed 's|/srv/samba/schools/de
 
 exit_script() {
     echo "unmounting media - terminated by trap!" >> "/tmp/${SUDO_UID}-exit-mount.log"
-    findmnt "/media/${SUDO_USER}/oldhome" && umount "/media/${SUDO_USER}/oldhome" && rmdir "/media/${SUDO_USER}/oldhome"
-    findmnt "/media/${SUDO_USER}/linuxhome" && umount "/media/${SUDO_USER}/linuxhome" && rmdir "/media/${SUDO_USER}/linuxhome"
+    findmnt "/lmn/media/${SUDO_USER}/oldhome" && umount "/lmn/media/${SUDO_USER}/oldhome" && rmdir "/lmn/media/${SUDO_USER}/oldhome"
+    findmnt "/lmn/media/${SUDO_USER}/linuxhome" && umount "/lmn/media/${SUDO_USER}/linuxhome" && rmdir "/lmn/media/${SUDO_USER}/linuxhome"
+    trap - SIGHUP SIGINT SIGTERM # clear the trap
+    kill -- -$$ # Sends SIGTERM to child/sub processes
+}
+
+exit_script_home() {
+    echo "unmounting media - terminated by trap!" >> "/tmp/${SUDO_UID}-exit-mount.log"
+    umount "/lmn/media/${SUDO_USER}/home"
     trap - SIGHUP SIGINT SIGTERM # clear the trap
     kill -- -$$ # Sends SIGTERM to child/sub processes
 }
 
 if [[ "$#" -gt 0 ]] && [[ "$1" = '-u' ]]; then
-    findmnt "/media/${SUDO_USER}/home"    && umount "/media/${SUDO_USER}/home"    && rmdir "/media/${SUDO_USER}/home"
-    #findmnt "/media/${SUDO_USER}/share"   && umount "/media/${SUDO_USER}/share"   && rmdir "/media/${SUDO_USER}/share"
-    findmnt "/media/${SUDO_USER}/oldhome" && umount "/media/${SUDO_USER}/oldhome" && rmdir "/media/${SUDO_USER}/oldhome"
-    findmnt "/media/${SUDO_USER}/linuxhome" && umount "/media/${SUDO_USER}/linuxhome" && rmdir "/media/${SUDO_USER}/linuxhome"
+    findmnt "/lmn/media/${SUDO_USER}/home"    && umount "/lmn/media/${SUDO_USER}/home"    && rmdir "/lmn/media/${SUDO_USER}/home"
+    #findmnt "/lmn/media/${SUDO_USER}/share"   && umount "/lmn/media/${SUDO_USER}/share"   && rmdir "/lmn/media/${SUDO_USER}/share"
+    findmnt "/lmn/media/${SUDO_USER}/oldhome" && umount "/lmn/media/${SUDO_USER}/oldhome" && rmdir "/lmn/media/${SUDO_USER}/oldhome"
+    findmnt "/lmn/media/${SUDO_USER}/linuxhome" && umount "/lmn/media/${SUDO_USER}/linuxhome" && rmdir "/lmn/media/${SUDO_USER}/linuxhome"
 elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then
     echo "Einbinden der Daten des alten/bisherigen Systems (PaedML Novell)."
     echo "Bitte den Username und Passwort aus dem ALTEN System eingeben."
@@ -23,12 +30,12 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then
     read -srp "Passwort: " PASSWD
     export PASSWD
     echo
-    mkdir -p "/media/${SUDO_USER}/oldhome"
+    mkdir -p "/lmn/media/${SUDO_USER}/oldhome"
     #errcode=$(mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid" \
-    #	    "//192.168.1.2/DOCS/fvs" "/media/${SUDO_USER}/oldhome")
+    #	    "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome")
     #if [[ ! "${errcode}" ]]; then
-    mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid" \
-	    "//192.168.1.2/DOCS/fvs" "/media/${SUDO_USER}/oldhome"
+    mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid,nobrl,mfsymlinks" \
+	    "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome"
     #echo "Mounting successfull!"
     echo "Einbindung erfolgreich!"
     echo "Dieses Fenster bitte nicht schließen!"
@@ -40,9 +47,9 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-l' ]; then
     echo "Bitte den Username und Passwort aus dem ALTEN System (PaedML Novell) eingeben."
     echo "Bitte auch Groß- und Kleinschreibung achten."
     read -rp "Username: " username
-    mkdir -p "/media/${SUDO_USER}/linuxhome"
+    mkdir -p "/lmn/media/${SUDO_USER}/linuxhome"
     mount -t fuse -o "allow_other,uid=${SUDO_UID},gid=1010,reconnect" \
-          "sshfs#${username}@home.steinbeisschule-reutlingen.de:" "/media/${SUDO_USER}/linuxhome"
+          "sshfs#${username}@home.steinbeisschule-reutlingen.de:" "/lmn/media/${SUDO_USER}/linuxhome"
     #echo "Mounting successfull!"
     echo "Einbindung erfolgreich!"
     echo "Dieses Fenster bitte nicht schließen!"
@@ -54,19 +61,22 @@ else
     #chown "${SUDO_USER}:1010" "/media/${SUDO_USER}"
     chgrp 1010 "/lmn/media/${SUDO_USER}"
     chmod 0770 "/lmn/media/${SUDO_USER}"
-    if ! findmnt "/lmn/media/${SUDO_USER}/share"; then
-      [[ -d "/lmn/media/${SUDO_USER}/share" ]] || mkdir "/lmn/media/${SUDO_USER}/share"
-      mount --bind "/lmn/media/${SUDO_USER}/.default-school/share" "/lmn/media/${SUDO_USER}/share"
-    fi
+    #if ! findmnt "/lmn/media/${SUDO_USER}/share"; then
+    #  [[ -d "/lmn/media/${SUDO_USER}/share" ]] || mkdir "/lmn/media/${SUDO_USER}/share"
+    #  mount --bind "/lmn/media/${SUDO_USER}/.default-school/share" "/lmn/media/${SUDO_USER}/share"
+    #fi
     if ! findmnt "/lmn/media/${SUDO_USER}/home"; then
       [[ -d "/lmn/media/${SUDO_USER}/home" ]] || mkdir "/lmn/media/${SUDO_USER}/home"
       home="$(getent passwd $SUDO_USER | cut -d: -f6)"
-      mount --bind "/lmn/media/${SUDO_USER}/.default-school/${home##/srv/samba/schools/default-school/}" "/lmn/media/${SUDO_USER}/home"
+      mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,nobrl,mfsymlinks" \
+           "//server/default-school/${home##/srv/samba/schools/default-school/}" "/lmn/media/${SUDO_USER}/home"
+      trap exit_script_home SIGHUP SIGINT SIGTERM
+      sleep infinity 
     fi
-    #mkdir -p "/media/${SUDO_USER}/home"
-    #mkdir -p "/media/${SUDO_USER}/share"
+    #mkdir -p "/lmn/media/${SUDO_USER}/home"
+    #mkdir -p "/lmn/media/${SUDO_USER}/share"
     #mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \
-    #       "//server/default-school/${home}" "/media/${SUDO_USER}/home"
+    #       "//server/default-school/${home}" "/lmn/media/${SUDO_USER}/home"
     #mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \
-    #       "//server/default-school/share" "/media/${SUDO_USER}/share"
+    #       "//server/default-school/share" "/lmn/media/${SUDO_USER}/share"
 fi

roles/lmn_vm/files/run-vm.sh

@@ -108,7 +108,7 @@ fi
 ## check, if we have to mount home
 #if ! findmnt "/media/${USER}/home"; then
 #    echo "mounting home."
-    sudo mounthome.sh
+    sudo mounthome.sh &
 #fi
 
 # because virsh has problems with long pathnames, using diffent configdir
@@ -124,9 +124,10 @@ if  ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
     virsh --connect=qemu:///session undefine "${VM_NAME}-clone" || echo "${VM_NAME}-clone did not exist"
     # finally, create the new vm
     virsh --connect=qemu:///session define "${VM_DIR}/${VM_NAME}-clone.xml"
-    trap exit_script SIGHUP SIGINT SIGTERM
+    #trap exit_script SIGHUP SIGINT SIGTERM
     [[ "${QEMU}" = 'qemu:///session' ]] && sudo /usr/local/bin/start-virtiofsd.sh "${VM_NAME}"
     virsh --connect="${QEMU}" start "${VM_NAME}-clone"
 fi
 echo "starting viewer"
+trap exit_script SIGHUP SIGINT SIGTERM
 virt-viewer --connect="${QEMU}" --full-screen "${VM_NAME}-clone"

roles/lmn_vm/files/start-virtiofsd.sh

@@ -19,7 +19,7 @@ fi
 [[ -S "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" ]] && /usr/bin/rm "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock"
 #sudo /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" --socket-group="${SUDO_USER}" --announce-submounts -o source="/media/${USER}" -o sandbox=chroot > /dev/null &
 #sudo /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" --socket-group="${SUDO_USER}" -o source="/media/${USER}" -o sandbox=chroot > /dev/null &
-/usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" -o source="/lmn/nosuidmedia/${SUDO_USER}" -o sandbox=chroot > /dev/null &
+/usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" -o source="/lmn/media/${SUDO_USER}" -o sandbox=chroot > /dev/null &
 # Wait until socket-File exists and chown to user
 until [[ -S "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" ]]; do
    echo "waiting for ${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock"