[systemd-devel] Systemd and kernel keyring

Lennart Poettering mzerqung at 0pointer.de
Thu Dec 6 13:38:49 UTC 2018


On Wed, 05.12.18 19:11, Dinesh Prasanth Moluguwan Krishnamoorthy (dmoluguw at redhat.com) wrote:

> Hi team,
>
> I'm working on accessing the kernel keyring in my application started using
> systemd.
>
> The list of steps I'm doing:
>
> 1. Starting a systemd service with `KeyringMode=shared` as a SPECIFIC
> USER
> 2. In the `ExecStartPre`, I'm launching a subprocess that invokes
> `systemd-ask-password` to accept the input and store it in the USER's
> kernel keyring
> 3. In the main program started using `ExecStart`, I'm accessing the
> value stored in the keyring
>
> I'm able to access the values from my main program -- everything works
> as expected! When I try to log in as that specific user and do a `keyctl
> show @u`, I find the entry.
>
> However, when I try to do `keyctl print <keyID>`, it throws a "Permission
> Denied" error. IIUC, this protects the keys in the keyring from
> being accessed outside the systemd service. Is it the desired behaviour?

Hmm, maybe use "keyctl list @u" to see the key and its access mode?

Lennart

--
Lennart Poettering, Red Hat
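
The access mode mentioned in the reply is a 32-bit permission mask with one 6-bit class each for possessor, user, group and other. The following is an added example, not part of the original thread or of systemd: it decodes such a mask and evaluates the read bit the way the kernel combines the classes, showing how a key can be visible to its owner yet refuse `keyctl print` to a caller that does not possess it. The function names, the mask `3f010000` and UID 1000 are constructed for illustration; the group class and LSM checks are left out.

```shell
#!/bin/sh
# Added example: decode a kernel key permission mask (hex, no 0x prefix).
# Bit layout: possessor = bits 24-29, user = 16-21, group = 8-13, other = 0-5.
# Within a class: view=0x01 read=0x02 write=0x04 search=0x08 link=0x10 setattr=0x20.
# Plain POSIX sh, so the helper variables are global.

# perm_string MASK -> 24-character string, possessor/user/group/other
perm_string() {
    mask=$(( 0x$1 )); out=""
    for cls in 24 16 8 0; do
        for pair in 32:a 16:l 8:s 4:w 2:r 1:v; do
            if [ $(( (mask >> cls) & ${pair%%:*} )) -ne 0 ]; then
                out="$out${pair#*:}"
            else
                out="$out-"
            fi
        done
    done
    printf '%s\n' "$out"
}

# can_read MASK KEY_UID CALLER_UID POSSESSED(0|1) -> exit status 0 if read is granted
# Simplification (assumption): only the user and other classes are considered.
can_read() {
    mask=$(( 0x$1 ))
    if [ "$2" -eq "$3" ]; then
        kperm=$(( (mask >> 16) & 0x3f ))   # caller owns the key: user class
    else
        kperm=$(( mask & 0x3f ))           # otherwise: other class
    fi
    if [ "$4" -eq 1 ]; then
        # possession adds the possessor class on top of the class chosen above
        kperm=$(( kperm | ((mask >> 24) & 0x3f) ))
    fi
    [ $(( kperm & 0x02 )) -ne 0 ]
}

# Constructed sample: mask 3f010000 on a key owned by UID 1000, read by UID 1000.
for possessed in 1 0; do
    if can_read 3f010000 1000 1000 "$possessed"; then
        verdict="read allowed"
    else
        verdict="read denied"
    fi
    printf '%s possessed=%s -> %s\n' "$(perm_string 3f010000)" "$possessed" "$verdict"
done
```

A caller possesses a key only when it is reachable from one of the caller's own keyrings (session, process or thread), so the same UID can get different answers in different sessions.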

