On Fri, 2018-12-07 at 10:00 +0000, Sietse van Zanen wrote:
> Hi Dinesh,
>
> In that case I suggest you start by reading:
> http://man7.org/linux/man-pages/man7/keyrings.7.html

Thanks for this. It does provide quite a bit of the info I need! :)

>
> What does cat /proc/keys say?

There is no "nuxwdog:user" entry in it. Maybe it's because I'm using
this workaround?
https://github.com/systemd/systemd/issues/1232#issuecomment-367209577

Regards,
Dinesh

> -Sietse
>
> -----Original Message-----
> From: systemd-devel <systemd-devel-bounces@xxxxxxxxxxxxxxxxxxxxx> On
> Behalf Of Dinesh Prasanth Moluguwan Krishnamoorthy
> Sent: Thursday, 6 December, 2018 23:38
> To: Lennart Poettering <mzerqung@xxxxxxxxxxx>
> Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: Systemd and kernel keyring
>
> Hi Lennart,
>
> [pkiuser@localhost] $ keyctl list @u
> 1 key in keyring:
> 114920030: --alswrv 17 17 user: nuxwdog:user
>
> That's the attrs of the created key. I'm not sure how to read these
> attributes, though.
>
> Regards,
> Dinesh
>
> On Thu, 2018-12-06 at 14:38 +0100, Lennart Poettering wrote:
> > On Mi, 05.12.18 19:11, Dinesh Prasanth Moluguwan Krishnamoorthy (
> > dmoluguw@xxxxxxxxxx) wrote:
> >
> > > Hi team,
> > >
> > > I'm working on accessing the kernel keyring in my application
> > > started using systemd.
> > >
> > > The list of steps I'm doing:
> > >
> > > 1. Starting a systemd service with `KeyringMode=shared` as a
> > >    SPECIFIC USER
> > > 2. In the `ExecStartPre`, I'm launching a subprocess that invokes
> > >    `systemd-ask-password` to accept the input and store it in the
> > >    USER's kernel keyring
> > > 3. In the main program started using `ExecStart`, I'm accessing
> > >    the value stored in the keyring
> > >
> > > I'm able to access the values from my main program -- everything
> > > works as expected! When I try to log in as that specific user and
> > > do a `keyctl show @u`, I find the entry.
> > >
> > > However, when I try to do `keyctl print <keyID>`, it throws a
> > > "Permission Denied" error. IIUC, this protects the keys in the
> > > keyring from being accessed outside the systemd service. Is it
> > > the desired behaviour?
> >
> > Hmm, maybe use "keyctl list @u" to see the key and its access mode?
> >
> > Lennart
> >
> > --
> > Lennart Poettering, Red Hat
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
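
The `keyctl list` row quoted in this thread, decoded column by column, as an added example that is not part of any message in the thread. It assumes the keyutils column layout (key ID, permission letters as they apply to the calling process, owner UID, owner GID, type, description) and the permission bit values documented in keyrings(7) and proc(5); the function names and the `/proc/keys` mask are constructed for illustration.

```python
import re

# Permission bits within one byte of a key's mask (keyrings(7), proc(5)).
PERM_BITS = [(0x20, "a", "setattr"), (0x10, "l", "link"), (0x08, "s", "search"),
             (0x04, "w", "write"), (0x02, "r", "read"), (0x01, "v", "view")]

# Assumed layout of a `keyctl list` row: id, letters, uid, gid, type, description.
LIST_LINE = re.compile(
    r"^\s*(?P<id>\d+):\s+(?P<perm>[-alswrv]{8})\s+(?P<uid>-?\d+)\s+(?P<gid>-?\d+)\s+"
    r"(?P<type>[^:\s]+):\s+(?P<desc>.*)$"
)


def decode_letters(field):
    """Names of the permissions set in a keyctl-style '--alswrv' field."""
    letters = field[-6:]  # the last six characters carry a, l, s, w, r, v
    return [name for (_, ch, name), got in zip(PERM_BITS, letters) if got == ch]


def parse_list_line(line):
    """Split one `keyctl list` row into typed columns plus decoded permissions."""
    m = LIST_LINE.match(line)
    if m is None:
        raise ValueError("not a keyctl list row: %r" % line)
    row = m.groupdict()
    for col in ("id", "uid", "gid"):
        row[col] = int(row[col])
    row["granted"] = decode_letters(row["perm"])
    return row


def decode_proc_mask(hex_mask):
    """Decode the 32-bit Perm column of /proc/keys into per-class permissions."""
    value = int(hex_mask, 16)
    out = {}
    for shift, who in ((24, "possessor"), (16, "user"), (8, "group"), (0, "other")):
        byte = (value >> shift) & 0x3F
        out[who] = [name for bit, _, name in PERM_BITS if byte & bit]
    return out


if __name__ == "__main__":
    # Row quoted in the thread.
    print(parse_list_line("114920030: --alswrv 17 17 user: nuxwdog:user"))
    # Constructed mask, not taken from the thread.
    print(decode_proc_mask("3f010000"))
```

The letters in a `keyctl list` row are a single collapsed view for whoever runs the command, while the `/proc/keys` mask keeps the possessor, user, group and other classes separate, so the two can differ between a process inside the service and a separate login session.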