[systemd-devel] Systemd and kernel keyring

Sietse van Zanen sietse at wizdom.nu
Fri Dec 7 10:00:22 UTC 2018 

Hi Dinesh,

In that case I suggest you start by reading: http://man7.org/linux/man-pages/man7/keyrings.7.html

What does cat /proc/keys say?

-Sietse

-----Original Message-----
From: systemd-devel <systemd-devel-bounces at lists.freedesktop.org> On Behalf Of Dinesh Prasanth Moluguwan Krishnamoorthy
Sent: Thursday, 6 December, 2018 23:38
To: Lennart Poettering <mzerqung at 0pointer.de>
Cc: systemd-devel at lists.freedesktop.org
Subject: Re: [systemd-devel] Systemd and kernel keyring

Hi Lennart,

[pkiuser at localhost]  $ keyctl list @u
1 key in keyring:
114920030: --alswrv    17    17 user: nuxwdog:user

That's the attrs of the created key.I'm not sure how to read these attributes, though.

Regards,
Dinesh

On Thu, 2018-12-06 at 14:38 +0100, Lennart Poettering wrote:
> On Mi, 05.12.18 19:11, Dinesh Prasanth Moluguwan Krishnamoorthy (
> dmoluguw at redhat.com) wrote:
> 
> > Hi team,
> > 
> > I'm working on accessing kernel keyring in my application started 
> > using systemd.
> > 
> > The list of steps I'm doing:
> > 
> > 1. Starting a systemd service with `KeyringMode=shared` as a 
> > SPECIFIC USER 2. In the `ExecStartPre`, I'm launching a subprocess 
> > that invokes `systemd-ask-password` to accept the input and store it 
> > in the USER's kernel keyring 3. In the main program started using 
> > `ExecStart`, I'm accessing the value stored in the keyring
> > 
> > I'm able to access the values from my main program -- everything 
> > works as expected! When I try to login as that specific user and do 
> > a `keyctl show @u`, I find the entry.
> > 
> > However, when I try to do `keyctl print <keyID>`, it throws 
> > "Permission Denied" error. IIUC, this protects the keys in the 
> > keyring from accessing outside the systemd service. Is it the 
> > desired behaviour?
> 
> Hmm, maybe use "keyctl list @u" to see the key and its access mode?
> 
> Lennart
> 
> --
> Lennart Poettering, Red Hat

_______________________________________________
systemd-devel mailing list
systemd-devel at lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

More information about the systemd-devel mailing list