I am working with the kernel keyring (the `e4crypt` tool stores its keys there). The end goal, basically, is that there is one service that decrypts a folder (creates a key in the kernel keyring) and then every service has access to that key, thus having access to the encrypted folder.
For some reason systemd doesn't share kernel keyrings between services. Service A launches a script that creates a key and then it's nowhere to be found inside service B (running `keyctl show` there doesn't show the key).
I've tried running `keyctl setperm $KEY_ID 0x3f3f3f3f` (giving everyone all rights to the key) but to no avail.
I've found systemd has a `KeyringMode=shared` option, so I've added `User=root` and `KeyringMode=shared` to both A and B service files. Unfortunately, this had no effect. The keyring of service B is still empty when it launches.
Running `keyctl show` inside A and B gives this. Service A output:
```
Session Keyring
275477083 --alswrv 0 0 keyring: _ses
511348864 ----s-rv 0 0 \_ user: invocation_id
916643668 --alswrv 0 0 \_ logon: ext4:018b44e44e88466a
```
Service B output:
```
Session Keyring
922937713 --alswrv 100000 100000 keyring: _ses
91724620 --alswrv 100000 65534 \_ keyring: _uid.100000
```
This output is when not using `User=root` and `KeyringMode=shared` since adding this to every service file isn't feasible (and I also can't have everything running as root).
--
Sincerely, Nikita Krasnov
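
A comparison of the two `keyctl show` listings quoted in the post, as an added example that is not part of the original message: it parses both outputs and reports whether the two services see the same session keyring, whether that keyring has the same owning UID, and which of service A's keys are absent from service B. The function names are this example's own, and the sample text is copied from the listings above.

```python
import re

# Sample input: the two `keyctl show` listings quoted in the post.
SERVICE_A = r"""
Session Keyring
275477083 --alswrv 0 0 keyring: _ses
511348864 ----s-rv 0 0 \_ user: invocation_id
916643668 --alswrv 0 0 \_ logon: ext4:018b44e44e88466a
"""
SERVICE_B = r"""
Session Keyring
922937713 --alswrv 100000 100000 keyring: _ses
91724620 --alswrv 100000 65534 \_ keyring: _uid.100000
"""

# serial, permission column, uid, gid, optional "\_" tree marker, type, description
LINE = re.compile(
    r"^\s*(\d+)\s+(\S{8})\s+(-?\d+)\s+(-?\d+)\s+"
    r"(?:\\_\s+)?(\S+):\s+(.+)$")

def parse_keyctl_show(text):
    """Return one dict per key line; the first entry is the session keyring."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            serial, perm, uid, gid, ktype, desc = m.groups()
            entries.append({"serial": int(serial), "perm": perm, "uid": int(uid),
                            "gid": int(gid), "type": ktype, "desc": desc.strip()})
    return entries

def compare(a_text, b_text):
    """Compare two listings by session keyring serial, owner and key contents."""
    a, b = parse_keyctl_show(a_text), parse_keyctl_show(b_text)
    in_b = {(e["type"], e["desc"]) for e in b}
    return {
        "same_session_keyring": a[0]["serial"] == b[0]["serial"],
        "same_owner": a[0]["uid"] == b[0]["uid"],
        "missing_in_b": [e for e in a[1:] if (e["type"], e["desc"]) not in in_b],
    }

if __name__ == "__main__":
    r = compare(SERVICE_A, SERVICE_B)
    print("same session keyring:", r["same_session_keyring"])
    print("same owning uid:", r["same_owner"])
    for e in r["missing_in_b"]:
        print("only in A:", e["serial"], e["type"], e["desc"])
```
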