[systemd-devel] Systemd and kernel keyring

Bruno Vernay brunovern.a at gmail.com
Mon Dec 10 14:59:04 UTC 2018


Right when I feel I started to better understand Possession and Keyrings, I
had this:
> keyctl describe 14242397
 14242397: alsw-v------------------  1002   100 user: keyInUsr
> keyctl print 14242397
mySecret-1

How can I read a key when no one has read rights?  Is there some caching
going on? Some refresh only occurring under certain conditions?
Or am I missing something?

Regards
Bruno


On Mon, Dec 10, 2018 at 12:55 PM Mantas Mikulėnas <grawity at gmail.com> wrote:

> On Fri, Dec 7, 2018 at 9:47 PM Dinesh Prasanth Moluguwan Krishnamoorthy <
> dmoluguw at redhat.com> wrote:
>
>> Oh damn! Yes. It worked!
>>
>> So, my next question would be "how to avoid it?"
>>
>> To expand a bit more:
>>
>> I want to make these passwords inaccessible outside the systemd service
>> even by that USER. (or does it sound something contradictory?)
>>
>> Regards,
>> Dinesh
>>
>
> It does sound contradictory; it rarely makes sense to isolate the user
> from themselves.
>
> It might be *possible* to set the key's permissions such that only the
> "possessor" has full permissions, but the "uid/gid/other" have none. (e.g. keyctl
> setperm <id> 0x3f000000).
>
> --
> Mantas Mikulėnas


-- 
Bruno VERNAY
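As an added illustration, not part of this thread or of keyutils itself: a small decoder for the mask Mantas quotes (`keyctl setperm <id> 0x3f000000`) and for the 24-character permission column that `keyctl describe` prints, such as the `alsw-v------------------` above. The read rule in `keyctl_read_allowed` models what keyctl(2) documents for KEYCTL_READ: the caller needs read permission, or search permission on a key it possesses. Function and variable names are this example's own.

```python
# Added example, not from the thread: decode kernel key permission masks
# (as used by `keyctl setperm <id> 0x3f000000`) and the 24-character
# permission column printed by `keyctl describe`, e.g. "alsw-v------------------".
# Function and variable names are this example's own, not keyutils API.

# Bit value of each flag within a category's 6-bit field (see keyctl(2)).
FLAG_BITS = {"v": 0x01, "r": 0x02, "w": 0x04, "s": 0x08, "l": 0x10, "a": 0x20}
# `keyctl describe` prints the flags of each category in this order.
DESCRIBE_ORDER = "alswrv"
# Bit offset of each category's field in the 32-bit mask.
FIELD_SHIFT = {"possessor": 24, "user": 16, "group": 8, "other": 0}


def decode_mask(mask: int) -> dict[str, set[str]]:
    """Split a setperm-style mask into {category: set of flag letters}."""
    return {cat: {f for f, bit in FLAG_BITS.items() if (mask >> shift) & bit}
            for cat, shift in FIELD_SHIFT.items()}


def parse_describe(column: str) -> dict[str, set[str]]:
    """Parse the 24-char permission column of `keyctl describe` output."""
    if len(column) != 24:
        raise ValueError("expected 24 permission characters")
    perms = {}
    for i, cat in enumerate(FIELD_SHIFT):
        field = column[6 * i: 6 * i + 6]
        flags = set()
        for pos, ch in enumerate(field):
            if ch == "-":
                continue
            if ch != DESCRIBE_ORDER[pos]:
                raise ValueError(f"unexpected {ch!r} at position {6 * i + pos}")
            flags.add(ch)
        perms[cat] = flags
    return perms


def encode_mask(perms: dict[str, set[str]]) -> int:
    """Inverse of decode_mask: the integer to hand to `keyctl setperm`."""
    return sum(FLAG_BITS[f] << FIELD_SHIFT[cat]
               for cat, flags in perms.items() for f in flags)


def keyctl_read_allowed(perms: dict[str, set[str]], caller: str, possessed: bool) -> bool:
    """Model of the KEYCTL_READ rule in keyctl(2): the caller's effective flags
    are its own field (user/group/other) plus the possessor field when it
    possesses the key; reading needs 'r', or 's' on a possessed key (the key
    must be searchable from the process keyrings)."""
    effective = set(perms[caller])
    if possessed:
        effective |= perms["possessor"]
    return "r" in effective or (possessed and "s" in effective)
```

Run against the column in the post, the decoder shows the possessor field carries `s` but not `r`, and the uid/gid/other fields are empty, which is exactly the situation the read rule above covers.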