[systemd-devel] Systemd and kernel keyring

Mantas Mikulėnas grawity at gmail.com
Mon Dec 10 11:55:14 UTC 2018


On Fri, Dec 7, 2018 at 9:47 PM Dinesh Prasanth Moluguwan Krishnamoorthy <
dmoluguw at redhat.com> wrote:

> Oh damn! Yes. It worked!
>
> So, my next question would be "how to avoid it?"
>
> To expand a bit more:
>
> I want to make these passwords inaccessible outside the systemd service
> even by that USER. (or does it sound something contradictory?)
>
> Regards,
> Dinesh
>

It does sound contradictory; it rarely makes sense to isolate the user from
themselves.

It might be *possible* to set the key's permissions such that only the
"possessor" has full permissions, but the "uid/gid/other" have none.
(e.g. keyctl setperm <id> 0x3f000000).

-- 
Mantas Mikulėnas
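
The mask suggested in the reply above, decoded with a small shell helper. This is an added example, not part of the original message or of keyctl itself; the function names are hypothetical and the second and third sample masks are constructed for comparison.

```shell
#!/bin/sh
# Decode a kernel key permission mask (the value given to `keyctl setperm`)
# and check whether anyone other than the possessor holds rights on the key.
#
# Mask layout: one byte per class
#   possessor = bits 24-31, user = 16-23, group = 8-15, other = 0-7
# Bits inside each byte:
#   0x01 view, 0x02 read, 0x04 write, 0x08 search, 0x10 link, 0x20 setattr

# decode_class BYTE -> six characters, e.g. "alswrv" or "-----v"
# (a=setattr l=link s=search w=write r=read v=view)
decode_class() (
    b=$1
    out=""
    for pair in 32:a 16:l 8:s 4:w 2:r 1:v; do
        bit=${pair%%:*}
        ch=${pair##*:}
        if [ $(( b & bit )) -ne 0 ]; then out="$out$ch"; else out="$out-"; fi
    done
    printf '%s' "$out"
)

# decode_perm MASK -> "possessor=... user=... group=... other=..."
decode_perm() (
    m=$(( $1 ))
    printf 'possessor=%s user=%s group=%s other=%s\n' \
        "$(decode_class $(( (m >> 24) & 0x3f )))" \
        "$(decode_class $(( (m >> 16) & 0x3f )))" \
        "$(decode_class $(( (m >> 8) & 0x3f )))" \
        "$(decode_class $(( m & 0x3f )))"
)

# possessor_only MASK -> exit status 0 when the user, group and other
# bytes are all zero, i.e. only the possessor has any permission
possessor_only() {
    [ $(( $1 & 0x00ffffff )) -eq 0 ]
}

# Demo: the mask from the reply, then two constructed masks for contrast.
for mask in 0x3f000000 0x3f010000 0x3f3f0000; do
    if possessor_only "$mask"; then verdict="possessor only"
    else verdict="also grants rights by uid/gid/other"; fi
    printf '%s  %s  (%s)\n' "$mask" "$(decode_perm "$mask")" "$verdict"
done
```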