Add kill-vboxdrmclient-on-shutdown.service

debian/security-misc-shared.install

@@ -57,6 +57,7 @@ usr/libexec/security-misc/hide-hardware-info#security-misc-shared => /usr/libexe
 usr/libexec/security-misc/virusforget#security-misc-shared => /usr/libexec/security-misc/virusforget
 usr/libexec/security-misc/pam_faillock_not_if_x#security-misc-shared => /usr/libexec/security-misc/pam_faillock_not_if_x
 usr/libexec/security-misc/block-unsafe-logins#security-misc-shared => /usr/libexec/security-misc/block-unsafe-logins
+usr/libexec/security-misc/kill-vboxdrmclient-on-shutdown#security-misc-shared => /usr/libexec/security-misc/kill-vboxdrmclient-on-shutdown
 usr/src/security-misc/emerg-shutdown.c#security-misc-shared => /usr/src/security-misc/emerg-shutdown.c
 usr/bin/disabled-gps-by-security-misc#security-misc-shared => /usr/bin/disabled-gps-by-security-misc
 usr/bin/disabled-netfilesys-by-security-misc#security-misc-shared => /usr/bin/disabled-netfilesys-by-security-misc
@@ -90,6 +91,7 @@ usr/lib/systemd/system/remount-secure.service#security-misc-shared => /usr/lib/s
 usr/lib/systemd/system/ensure-shutdown.service#security-misc-shared => /usr/lib/systemd/system/ensure-shutdown.service
 usr/lib/systemd/system/sysinit-post.target#security-misc-shared => /usr/lib/systemd/system/sysinit-post.target
 usr/lib/systemd/system/ensure-shutdown-trigger.service#security-misc-shared => /usr/lib/systemd/system/ensure-shutdown-trigger.service
+usr/lib/systemd/system/kill-vboxdrmclient-on-shutdown.service#security-misc-shared => /usr/lib/systemd/system/kill-vboxdrmclient-on-shutdown.service
 usr/lib/systemd/user/usbguard-notifier.service.d/30_security-misc.conf#security-misc-shared => /usr/lib/systemd/user/usbguard-notifier.service.d/30_security-misc.conf
 usr/lib/systemd/pstore.conf.d/30_security-misc.conf#security-misc-shared => /usr/lib/systemd/pstore.conf.d/30_security-misc.conf
 usr/lib/udev/rules.d/95-emerg-shutdown.rules#security-misc-shared => /usr/lib/udev/rules.d/95-emerg-shutdown.rules

usr/lib/systemd/system/kill-vboxdrmclient-on-shutdown.service#security-misc-shared

@@ -0,0 +1,15 @@
+## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
+## See the file COPYING for copying conditions.
+
+[Unit]
+Description=kill VBoxDRMClient during shutdown to allow /tmp to be unmounted properly
+ConditionVirtualization=oracle
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=true
+ExecStop=/usr/libexec/security-misc/kill-vboxdrmclient-on-shutdown
+
+[Install]
+WantedBy=multi-user.target

usr/libexec/security-misc/kill-vboxdrmclient-on-shutdown#security-misc-shared

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
+## See file COPYING for copying conditions.
+
+set -o errexit
+set -o nounset
+set -o errtrace
+set -o pipefail
+
+vboxdrmclient_sock='/tmp/.iprt-localipc-DRMIpcServer'
+
+if ! [ -S "$vboxdrmclient_sock" ]; then
+  printf '%s\n' "'$vboxdrmclient_sock' does not exist or is not a socket, ok."
+  exit 0
+fi
+
+sock_pid="$(/usr/libexec/helper-scripts/query-sock-pid "$vboxdrmclient_sock")" || true
+if [ -z "$sock_pid" ]; then
+  printf '%s\n' "Cannot get PID listening on '$vboxdrmclient_sock', ok."
+  exit 0
+fi
+if kill -SIGKILL "$sock_pid"; then
+  printf '%s\n' "Killed VBoxDRMClient ('$sock_pid'), ok."
+  exit 0
+fi
+
+printf '%s\n' "ERROR: Could not kill VBoxDRMClient ('$sock_pid')!"
+exit 1