[systemd-devel] Systemd and kernel keyring
Dinesh Prasanth Moluguwan Krishnamoorthy
dmoluguw at redhat.com
Thu Dec 6 03:11:30 UTC 2018
Hi team,
I'm working on accessing the kernel keyring from my application, which is
started using systemd.
The steps I'm following:
1. Starting a systemd service with `KeyringMode=shared` as a SPECIFIC
USER
2. In the `ExecStartPre`, I'm launching a subprocess that invokes
`systemd-ask-password` to accept the input and store it in the USER's
kernel keyring
3. In the main program started using `ExecStart`, I'm accessing the
value stored in the keyring
I'm able to access the values from my main program -- everything works
as expected! When I log in as that specific user and run `keyctl
show @u`, I find the entry.
However, when I try to run `keyctl print <keyID>`, it throws a "Permission
Denied" error. IIUC, this protects the keys in the keyring from being
accessed outside the systemd service. Is this the desired behaviour?
I have the sample systemd unit file available in [1].
[1]
https://github.com/SilleBille/keyctl-java-test/blob/master/pki-tomcatd-nuxwdog%40pki-tomcat.service
Thanks,
Dinesh
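A check worth running before drawing conclusions about the "Permission Denied": the kernel evaluates a key's permission mask per subject (possessor, user, group, other octets, see keyrings(7)), and a login shell whose session keyring does not link the key is judged by the user octet, not the possessor octet. The script below is an added example, not code from the original post or from systemd; it assumes the keyutils `keyctl` tool is installed and that `keyctl rdescribe` prints `type;uid;gid;perms;description` as documented in keyctl(1). The decoder itself is pure shell and needs no keyring; the `inspect_user_keyring` function walks @u and reports, for each key, whether a same-uid process that does not possess the key can still read it.

```shell
#!/bin/sh
# Added example: decode kernel key permission masks and audit the keys in @u.
# Mask layout (keyrings(7)), high octet to low: possessor, user, group, other.
# Bits inside each octet: 1 view, 2 read, 4 write, 8 search, 16 link, 32 setattr.

decode_octet() {
    # $1: one 8-bit octet as a decimal integer; prints flag names or "-"
    o=$1
    out=""
    [ $((o & 1))  -ne 0 ] && out="${out}view,"
    [ $((o & 2))  -ne 0 ] && out="${out}read,"
    [ $((o & 4))  -ne 0 ] && out="${out}write,"
    [ $((o & 8))  -ne 0 ] && out="${out}search,"
    [ $((o & 16)) -ne 0 ] && out="${out}link,"
    [ $((o & 32)) -ne 0 ] && out="${out}setattr,"
    if [ -z "$out" ]; then printf '%s' '-'; else printf '%s' "${out%,}"; fi
}

decode_keyperm() {
    # $1: hex mask without 0x prefix, as in field 4 of `keyctl rdescribe`
    mask=$(printf '%d' "0x$1") || return 1
    printf 'possessor:%s user:%s group:%s other:%s\n' \
        "$(decode_octet $(( (mask >> 24) & 255 )))" \
        "$(decode_octet $(( (mask >> 16) & 255 )))" \
        "$(decode_octet $(( (mask >> 8)  & 255 )))" \
        "$(decode_octet $(( mask & 255 )))"
}

user_can_read() {
    # Succeeds when the *user* octet grants read, i.e. when any process running
    # under the key's uid can read the payload even without possessing the key.
    mask=$(printf '%d' "0x$1") || return 1
    [ $(( (mask >> 16) & 2 )) -ne 0 ]
}

inspect_user_keyring() {
    # Only does work where keyutils is installed and @u is reachable.
    command -v keyctl >/dev/null 2>&1 || { echo "keyctl not installed; skipping keyring walk"; return 0; }
    for k in $(keyctl rlist @u 2>/dev/null); do
        raw=$(keyctl rdescribe "$k" 2>/dev/null) || continue
        perm=$(printf '%s' "$raw" | cut -d';' -f4)
        desc=$(printf '%s' "$raw" | cut -d';' -f5-)
        printf '%s (%s): %s\n' "$k" "$desc" "$(decode_keyperm "$perm")"
        if user_can_read "$perm"; then
            echo "  readable by any process of this uid (keyctl print should work from a login shell)"
        else
            echo "  readable only by a possessor (expect EACCES from a shell that does not link this key)"
        fi
    done
}

# Stand-alone run: decode a typical mask, then audit the caller's @u.
decode_keyperm 3f010000
inspect_user_keyring
```

If a key in @u shows `user:view` only, a login shell that does not possess it will get EACCES from `keyctl print` regardless of which uid owns the key; whether that is what systemd-ask-password intends is exactly the question the post raises, and `keyctl setperm <keyID> <mask>` can be used to change the mask when the service owns the key.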