Hi David, On Tue, Jul 09, 2019 at 06:16:01PM -0700, Eric Biggers wrote: > On Thu, May 23, 2019 at 04:58:27PM +0100, David Howells wrote: > > Replace the uid/gid/perm permissions checking on a key with an ACL to allow > > the SETATTR and SEARCH permissions to be split. This will also allow a > > greater range of subjects to represented. > > > > This patch broke 'keyctl new_session', and hence broke all the fscrypt tests: > > $ keyctl new_session > keyctl_session_to_parent: Permission denied > > Output of 'keyctl show' is > > $ keyctl show > Session Keyring > 605894913 --alswrv 0 0 keyring: _ses > 189223103 ----s-rv 0 0 \_ user: invocation_id > > - Eric This bug is still present in next-20190729. - Eric
