On Fri, 2020-05-15 at 12:34 -0700, James Bottomley wrote: > On Fri, 2020-05-15 at 12:17 -0700, Jerry Snitselaar wrote: > > On Fri May 15 20, Jarkko Sakkinen wrote: > > > On Thu, May 14, 2020 at 08:44:23PM -0700, James Bottomley wrote: > > > > On Fri, 2020-05-15 at 05:22 +0300, Jarkko Sakkinen wrote: > [...] > > > > > sudo ./keyctl-smoke.sh > > > > > 566201053 (0x80000000) > > > > > keyctl_read_alloc: Permission denied > > > > I get keyctl_read_alloc -EPERM when I 'sudo su' and try to play with > > keyctl print. > > If I 'sudo su -' and then try it works as expected. Also works for > > normal user. > > OK, I confirm on debian as well. If I create a key as real root and > then try to sudo su keyctl pipe it as an ordinary user, I get EPERM. > > It smells like a cockup in real vs effective permissions somewhere in > the keyctl handler. Doing "sudo su -" has always been required. "su -" must set some environment variables. This isn't a problem for dracut as it is running as root. Mimi
