On Thu, May 23, 2019 at 04:58:27PM +0100, David Howells wrote: > Replace the uid/gid/perm permissions checking on a key with an ACL to allow > the SETATTR and SEARCH permissions to be split. This will also allow a > greater range of subjects to represented. > This patch broke 'keyctl new_session', and hence broke all the fscrypt tests: $ keyctl new_session keyctl_session_to_parent: Permission denied Output of 'keyctl show' is $ keyctl show Session Keyring 605894913 --alswrv 0 0 keyring: _ses 189223103 ----s-rv 0 0 \_ user: invocation_id - Eric
