From 2829d2015e4824dd18e68b5179a0f4f2ea0e20e0 Mon Sep 17 00:00:00 2001 From: Robert McQueen Date: Wed, 3 Mar 2021 20:55:54 +0000 Subject: [PATCH] README: add note about ordering pam_fscrypt before pam_systemd --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 73153ed0..6eb69ff5 100644 --- a/README.md +++ b/README.md @@ -425,6 +425,15 @@ locked data is inaccessible; this only needed for v1 encryption policies. All the types also support the `debug` option which prints additional debug information to the syslog. +Note that in order for encrypted home directories to work correctly, +`pam_fscrypt.so` must be placed _before_ any other PAM Session modules which +rely on access to the home directory, or start processes which access your +home directory during the duration of your session. Particularly, systems +which use `systemd-logind` for managing jobs and cgroups in user sessions +should order `pam_fscrypt.so` ahead of `pam_systemd.so` to avoid disrupting +user jobs that need access to directories protected with your login +passphrase. + ### Allowing `fscrypt` to check your login passphrase This step is only needed if you installed `fscrypt` from source code.
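Review bot: The added paragraph tells the reader to order `pam_fscrypt.so` ahead of `pam_systemd.so` but never shows what that looks like in a PAM configuration file. It would be easier to check against a real system if it said explicitly that the `session` entry for `pam_fscrypt.so` is the one that must come first, followed by a short example of the two `session` lines in the right order. On wording, "during the duration of your session" is redundant, and the sentence switches between "the home directory" and "your home directory"; something like "which rely on access to the home directory or start processes that access it during your session" reads more cleanly. "Particularly, systems which use" would read better as "In particular, systems that use". Separately, the unchanged context line above the addition reads "this only needed for v1 encryption policies", which is missing "is" and could be fixed in the same commit.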