On Mon, 2017-10-09 at 17:23 +0800, er_tou wrote:
>
> Hello,
> I encountered a problem; executing the following commands shows the error.
> $ su -c 'mkdir -p /etc/keys'
> # To create and save the kernel master key (user type):
> $ su -c 'modprobe trusted encrypted'
> $ su -c 'keyctl add user kmk-user "`dd if=/dev/urandom bs=1 count=32 2>/dev/null`" @u'
> $ su -c 'keyctl pipe `keyctl search @u user kmk-user` > /etc/keys/kmk-user.blob'
> This shows "keyctl_read_alloc: Permission denied".
>
> The problem location is 'keyctl pipe'.
> [root@localhost ima_key_sign]# cat /proc/keys
> 029fddf9 I------ 1 perm 1f030000 0 0 asymmetri CentOS Linux kernel signing key: d48863a7c16fcc274123e6298f74f057af19fc54: X509.RSA af19fc54 []
> 034d0e68 I--Q--- 1 perm 1f3f0000 1000 65534 keyring _uid.1000: empty
> 0a1ab8e3 I--Q--- 1 perm 3f010000 0 0 user kmk-user: 10
>
> This keyring “kmk-user” doesn't have read permission.
> Does anyone have this question?
> I hope to get help. Thanks, thanks, thanks.

Sorry, I'm not seeing this problem. Have you tried running the commands as real root (e.g. "su -"), not "su -c"?

Mimi

>
> ----------------------------------------------------------------------------------------
> But the commands below can execute.
> $ mkdir -p /etc/keys
> # To create and save the kernel master key (user type):
> $ modprobe trusted encrypted
> $ keyctl add user kmk-user "`dd if=/dev/urandom bs=1 count=32 2>/dev/null`" @u
> $ keyctl pipe `keyctl search @u user kmk-user` > /etc/keys/kmk-user.blob
>
> Thanks, looking forward to your reply!
>
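
The perm column in the /proc/keys output quoted above packs one byte each for possessor, user, group and other; the sketch below decodes it and shows that 3f010000 grants read only to a caller that possesses the key. This is an added example, not part of the original thread: the function names are hypothetical and may_read is a simplified model of the kernel's permission check.

```python
from typing import Dict, List, NamedTuple, Set

# Per-class permission bits used by the Linux key retention service.
PERM_BITS = [(0x01, "view"), (0x02, "read"), (0x04, "write"),
             (0x08, "search"), (0x10, "link"), (0x20, "setattr")]
CLASS_SHIFT = {"possessor": 24, "user": 16, "group": 8, "other": 0}

class KeyEntry(NamedTuple):
    serial: str
    perm: int
    uid: int
    gid: int
    ktype: str
    description: str

def parse_proc_keys_line(line: str) -> KeyEntry:
    # Columns: serial flags usage timeout perm uid gid type description...
    f = line.split(None, 8)
    return KeyEntry(f[0], int(f[4], 16), int(f[5]), int(f[6]), f[7], f[8].strip())

def decode_perm(perm: int) -> Dict[str, List[str]]:
    """Map each class to the list of rights set in its byte of the mask."""
    return {cls: [name for bit, name in PERM_BITS if (perm >> shift) & bit]
            for cls, shift in CLASS_SHIFT.items()}

def may_read(key: KeyEntry, uid: int, gids: Set[int], possessed: bool) -> bool:
    """Simplified model (assumption): pick exactly one of user/group/other
    by identity, then add the possessor byte only if the key is possessed."""
    if uid == key.uid:
        granted = (key.perm >> 16) & 0x3F
    elif key.gid in gids:
        granted = (key.perm >> 8) & 0x3F
    else:
        granted = key.perm & 0x3F
    if possessed:
        granted |= (key.perm >> 24) & 0x3F
    return bool(granted & 0x02)

# Sample input: two of the /proc/keys lines quoted in the post above.
SAMPLE = [
    "034d0e68 I--Q--- 1 perm 1f3f0000 1000 65534 keyring _uid.1000: empty",
    "0a1ab8e3 I--Q--- 1 perm 3f010000 0 0 user kmk-user: 10",
]

if __name__ == "__main__":
    for entry in map(parse_proc_keys_line, SAMPLE):
        print(entry.serial, entry.description, decode_perm(entry.perm))
        for possessed in (False, True):
            ok = may_read(entry, uid=entry.uid, gids={entry.gid}, possessed=possessed)
            print(f"  owner uid, possessed={possessed}: read allowed={ok}")
```
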