core: link user keyring to session keyring (#6275)
Commit 74dd6b515f
(core: run each system
service with a fresh session keyring) broke adding keys to user keyring.
Added keys could not be accessed with error message:
keyctl_read_alloc: Permission denied
So link the user keyring to our session keyring.
This commit is contained in:
parent
2240fc54e9
commit
437a85112e
|
@ -1093,6 +1093,10 @@ typedef int32_t key_serial_t;
|
|||
#define KEYCTL_DESCRIBE 6
|
||||
#endif
|
||||
|
||||
#ifndef KEYCTL_LINK
|
||||
#define KEYCTL_LINK 8
|
||||
#endif
|
||||
|
||||
#ifndef KEYCTL_READ
|
||||
#define KEYCTL_READ 11
|
||||
#endif
|
||||
|
|
|
@ -2099,6 +2099,14 @@ static int setup_keyring(Unit *u, const ExecParameters *p, uid_t uid, gid_t gid)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* Having our own session keyring is nice, but results in keys added
|
||||
* to the user keyring being inaccessible with permission denied.
|
||||
* So link the user keyring to our session keyring. */
|
||||
if (keyctl(KEYCTL_LINK,
|
||||
KEY_SPEC_USER_KEYRING,
|
||||
keyring, 0, 0) < 0)
|
||||
return log_debug_errno(errno, "Failed to link user keyring to session keyring.");
|
||||
|
||||
/* Populate they keyring with the invocation ID by default. */
|
||||
if (!sd_id128_is_null(u->invocation_id)) {
|
||||
key_serial_t key;
|
||||
|
|
Loading…
Reference in a new issue