I setup an example where a service is expecting a secret to be available in its user's persistent keyring. It can crash and restart or maybe it is a timer and it does not want to bother asking/reading secrets. It works, but I hoped to be able to remove access to the secret from the user that had set it, maybe days ago. I did not find a way to do it - no one has the right to change persistent keyring attributes - I can always link it to my own session - then I am possessor and have rights on all the persistent keyring - (for what I understand the restrict_key does not work in that case) Any hint would be welcome! I made it short about 2 files 20 useful lines each: https://gitlab.com/BrunoVernay/systemd-playground/blob/master/12-keyring/t1/run.sh _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Passing secrets via persistent keyring
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Passing secrets via persistent keyring
- From: Bruno Vernay <brunovern.a@xxxxxxxxx>
- Date: Fri, 28 Dec 2018 00:29:08 +0100
- Prev by Date: Re: IPAddressDeny/IPAddressAllow is too limited ot be useful
- Next by Date: Requires and After
- Previous by thread: Suspend issues
- Next by thread: Requires and After
- Index(es):
 |