Re: Systemd and kernel keyring

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mi, 05.12.18 19:11, Dinesh Prasanth Moluguwan Krishnamoorthy (dmoluguw@xxxxxxxxxx) wrote:

> Hi team,
>
> I'm working on accessing kernel keyring in my application started using
> systemd.
>
> The list of steps I'm doing:
>
> 1. Starting a systemd service with `KeyringMode=shared` as a SPECIFIC
> USER
> 2. In the `ExecStartPre`, I'm launching a subprocess that invokes
> `systemd-ask-password` to accept the input and store it in the USER's
> kernel keyring
> 3. In the main program started using `ExecStart`, I'm accessing the
> value stored in the keyring
>
> I'm able to access the values from my main program -- everything works
> as expected! When I try to login as that specific user and do a `keyctl
> show @u`, I find the entry.
>
> However, when I try to do `keyctl print <keyID>`, it throws "Permission
> Denied" error. IIUC, this protects the keys in the keyring from
> accessing outside the systemd service. Is it the desired behaviour?

Hmm, maybe use "keyctl list @u" to see the key and its access mode?

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux