[systemd-devel] Systemd and kernel keyring
Dinesh Prasanth Moluguwan Krishnamoorthy
dmoluguw at redhat.com
Thu Dec 6 22:37:52 UTC 2018
Hi Lennart,
[pkiuser at localhost] $ keyctl list @u
1 key in keyring:
114920030: --alswrv 17 17 user: nuxwdog:user
That's the attrs of the created key. I'm not sure how to read these
attributes, though.
Regards,
Dinesh
On Thu, 2018-12-06 at 14:38 +0100, Lennart Poettering wrote:
> On Mi, 05.12.18 19:11, Dinesh Prasanth Moluguwan Krishnamoorthy (
> dmoluguw at redhat.com) wrote:
>
> > Hi team,
> >
> > I'm working on accessing kernel keyring in my application started
> > using systemd.
> >
> > The list of steps I'm doing:
> >
> > 1. Starting a systemd service with `KeyringMode=shared` as a
> > SPECIFIC USER
> > 2. In the `ExecStartPre`, I'm launching a subprocess that invokes
> > `systemd-ask-password` to accept the input and store it in the
> > USER's kernel keyring
> > 3. In the main program started using `ExecStart`, I'm accessing the
> > value stored in the keyring
> >
> > I'm able to access the values from my main program -- everything
> > works as expected! When I try to login as that specific user and do a
> > `keyctl show @u`, I find the entry.
> >
> > However, when I try to do `keyctl print <keyID>`, it throws
> > "Permission Denied" error. IIUC, this protects the keys in the
> > keyring from accessing outside the systemd service. Is it the desired
> > behaviour?
>
> Hmm, maybe use "keyctl list @u" to see the key and its access mode?
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
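
An added example, not part of the original thread: a small parser for the `keyctl list` entry quoted in the message above, which splits the line into its fields and names the permission letters. It assumes the columns are key ID, permission mask, UID, GID, type and description, and that the mask letters stand for setattr, link, search, write, read and view, as printed by the keyutils `keyctl` tool; the function names and the second sample line are constructed for illustration.

```python
import re

# Assumed letter meanings, in the order keyctl prints them in the mask.
PERM_LETTERS = {"a": "setattr", "l": "link", "s": "search",
                "w": "write", "r": "read", "v": "view"}

# Assumed layout: "<id>: <mask> <uid> <gid> <type>: <description>"
ENTRY_RE = re.compile(
    r"^\s*(?P<id>\d+):\s+(?P<mask>[-alswrv]{8})\s+(?P<uid>-?\d+)"
    r"\s+(?P<gid>-?\d+)\s+(?P<type>[^:\s]+):\s+(?P<desc>.*)$"
)

def parse_keyctl_list(output):
    """Return one dict per key entry found in `keyctl list` output."""
    keys = []
    for line in output.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header such as "1 key in keyring:" or a shell prompt
        mask = m.group("mask")
        keys.append({
            "id": int(m.group("id")),
            "mask": mask,
            "permissions": [PERM_LETTERS[c] for c in mask if c in PERM_LETTERS],
            "uid": int(m.group("uid")),
            "gid": int(m.group("gid")),
            "type": m.group("type"),
            "description": m.group("desc"),
        })
    return keys

def keys_missing(keys, permission):
    """IDs of keys whose displayed mask lacks the named permission."""
    return [k["id"] for k in keys if permission not in k["permissions"]]

# Output quoted in the message above.
PAGE_OUTPUT = """\
1 key in keyring:
114920030: --alswrv 17 17 user: nuxwdog:user
"""
# Constructed line (not from the thread): same key shape with read cleared.
CONSTRUCTED = "114920031: --alsw-v 17 17 user: constructed:example\n"

if __name__ == "__main__":
    for key in parse_keyctl_list(PAGE_OUTPUT + CONSTRUCTED):
        print(key["id"], key["uid"], key["gid"], key["type"],
              key["description"], ",".join(key["permissions"]))
```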