Hi Dinesh, In that case I suggest you start by reading: http://man7.org/linux/man-pages/man7/keyrings.7.html What does cat /proc/keys say? -Sietse -----Original Message----- From: systemd-devel <systemd-devel-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Dinesh Prasanth Moluguwan Krishnamoorthy Sent: Thursday, 6 December, 2018 23:38 To: Lennart Poettering <mzerqung@xxxxxxxxxxx> Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Systemd and kernel keyring Hi Lennart, [pkiuser@localhost] $ keyctl list @u 1 key in keyring: 114920030: --alswrv 17 17 user: nuxwdog:user That's the attrs of the created key.I'm not sure how to read these attributes, though. Regards, Dinesh On Thu, 2018-12-06 at 14:38 +0100, Lennart Poettering wrote: > On Mi, 05.12.18 19:11, Dinesh Prasanth Moluguwan Krishnamoorthy ( > dmoluguw@xxxxxxxxxx) wrote: > > > Hi team, > > > > I'm working on accessing kernel keyring in my application started > > using systemd. > > > > The list of steps I'm doing: > > > > 1. Starting a systemd service with `KeyringMode=shared` as a > > SPECIFIC USER 2. In the `ExecStartPre`, I'm launching a subprocess > > that invokes `systemd-ask-password` to accept the input and store it > > in the USER's kernel keyring 3. In the main program started using > > `ExecStart`, I'm accessing the value stored in the keyring > > > > I'm able to access the values from my main program -- everything > > works as expected! When I try to login as that specific user and do > > a `keyctl show @u`, I find the entry. > > > > However, when I try to do `keyctl print <keyID>`, it throws > > "Permission Denied" error. IIUC, this protects the keys in the > > keyring from accessing outside the systemd service. Is it the > > desired behaviour? > > Hmm, maybe use "keyctl list @u" to see the key and its access mode? > > Lennart > > -- > Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: Systemd and kernel keyring
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Systemd and kernel keyring
- From: Sietse van Zanen <sietse@xxxxxxxxx>
- Date: Fri, 7 Dec 2018 10:00:22 +0000
- Accept-language: en-US
- Cc: "systemd-devel@xxxxxxxxxxxxxxxxxxxxx" <systemd-devel@xxxxxxxxxxxxxxxxxxxxx>
- In-reply-to: <c57c7359f3759a1a5f51b6978096f2ca1f16ef07.camel@redhat.com>
- References: <88e3d1e6a9633132d4a08f1bb6c4e40939b68154.camel@redhat.com> <20181206133849.GB6844@gardel-login> <c57c7359f3759a1a5f51b6978096f2ca1f16ef07.camel@redhat.com>
- Follow-Ups:
- Re: Systemd and kernel keyring
- From: Dinesh Prasanth Moluguwan Krishnamoorthy
- Re: Systemd and kernel keyring
- References:
- Systemd and kernel keyring
- From: Dinesh Prasanth Moluguwan Krishnamoorthy
- Re: Systemd and kernel keyring
- From: Lennart Poettering
- Re: Systemd and kernel keyring
- From: Dinesh Prasanth Moluguwan Krishnamoorthy
- Systemd and kernel keyring
- Prev by Date: Re: starting qt application after DRM initialized
- Next by Date: Re: Systemd and kernel keyring
- Previous by thread: Re: Systemd and kernel keyring
- Next by thread: Re: Systemd and kernel keyring
- Index(es):
 |