Re: Systemd and kernel keyring

Right when I feel I started to better understand Possession and Keyrings, I had this:
> keyctl describe 14242397
 14242397: alsw-v------------------  1002   100 user: keyInUsr
> keyctl print 14242397
mySecret-1

How can I read a key when no one has read rights? Is there some caching going on? Some refresh only occurring on certain conditions?
Or am I missing something?

Regards
Bruno


On Mon, Dec 10, 2018 at 12:55 PM Mantas Mikulėnas <grawity@xxxxxxxxx> wrote:
On Fri, Dec 7, 2018 at 9:47 PM Dinesh Prasanth Moluguwan Krishnamoorthy <dmoluguw@xxxxxxxxxx> wrote:
Oh damn! Yes. It worked!

So, my next question would be "how to avoid it?"

To expand a bit more:

I want to make these passwords inaccessible outside the systemd service
even by that USER. (or does it sound something contradictory?)

Regards,
Dinesh

It does sound contradictory; it rarely makes sense to isolate the user from themselves.

It might be *possible* to set the key's permissions such that only the "possessor" has full permissions, but the "uid/gid/other" have none. (e.g. keyctl setperm <id> 0x3f000000).
 
--
Mantas Mikulėnas
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


--
Bruno VERNAY
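The `keyctl describe` line quoted in this thread and the 0x3f000000 mask suggested in the reply can be checked offline with the following Python, an added example that is not code from the thread or from keyutils: it models the kernel's permission selection (key_task_permission) and the KEYCTL_READ rule (keyctl_read_key) in security/keys, and the function names are my own.

```python
# Added example (not code from the thread): decode the 24-character
# permission field that `keyctl describe` prints and apply the kernel's
# rules to it. Bit layout is from include/linux/key.h: six bits per
# category, possessor << 24, user << 16, group << 8, other << 0.
BITS = {"view": 0x01, "read": 0x02, "write": 0x04,
        "search": 0x08, "link": 0x10, "setattr": 0x20}
SHIFTS = {"possessor": 24, "user": 16, "group": 8, "other": 0}
LETTERS = "alswrv"  # column order used by `keyctl describe`
LETTER_TO_NAME = {"a": "setattr", "l": "link", "s": "search",
                  "w": "write", "r": "read", "v": "view"}

def perm_string_to_mask(s):
    """'alsw-v------------------' -> 0x3d000000 (what `keyctl setperm` takes)."""
    if len(s) != 24:
        raise ValueError("expected 24 characters, 6 per category")
    mask = 0
    for i, shift in enumerate(SHIFTS.values()):
        for want, got in zip(LETTERS, s[6 * i:6 * i + 6]):
            if got == want:
                mask |= BITS[LETTER_TO_NAME[want]] << shift
            elif got != "-":
                raise ValueError(f"unexpected character {got!r}")
    return mask

def mask_to_perm_string(mask):
    """Inverse: 0x3f000000 -> 'alswrv------------------'."""
    out = []
    for shift in SHIFTS.values():
        bits = (mask >> shift) & 0x3f
        out.append("".join(c if bits & BITS[LETTER_TO_NAME[c]] else "-"
                           for c in LETTERS))
    return "".join(out)

def effective_bits(mask, possessed, relation):
    """key_task_permission(): exactly one of the user/group/other columns
    applies, chosen by the caller's relation to the key ('owner', 'group'
    or 'other'); the possessor column is then ORed in additively."""
    column = {"owner": "user", "group": "group", "other": "other"}[relation]
    bits = (mask >> SHIFTS[column]) & 0x3f
    if possessed:
        bits |= (mask >> SHIFTS["possessor"]) & 0x3f
    return bits

def can_read(mask, possessed, relation):
    """keyctl_read_key(): KEYCTL_READ needs Read, but a key the caller
    possesses (reached through its process keyrings, which needs Search)
    is readable without Read. That is why `keyctl print` worked above."""
    bits = effective_bits(mask, possessed, relation)
    return bool(bits & BITS["read"]) or (
        possessed and bool(bits & BITS["search"]))
```

With 0x3f000000 a non-possessing process, including the key's own uid, gets no bits at all; "possessed" here means the key is linked into the caller's thread, process or session keyring.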
