[systemd-devel] Credentials: what I am doing wrong?

Kamil Jońca kjonca at poczta.onet.pl
Thu Jul 4 19:12:23 UTC 2024


--8<---------------cut here---------------start------------->8---
%sudo cat /etc/systemd/system/test1.service
[Unit]
Description=Test service with credential
[Service]
SetCredentialEncrypted=testcred: \
        Whxqht+dQJax1aZeCGLxmiAAAAABAAAADAAAABAAAAA6lr6VEx0jrl54ZU8AAAAAgFJrl \
        EazQv9tmcpf0ept3mwvX7qEuBNqxu1hPwCNaOvT82cYBSPCZMFoJ+gbuHbAjEGqHbA=
PrivateMounts=true
ExecStart=sleep 86400
--8<---------------cut here---------------end--------------->8---



--8<---------------cut here---------------start------------->8---
%sudo cat /etc/systemd/system/test2.service
[Unit]
Description=Test service reading credential 
[Service]
ExecStart=cat /run/credentials/test1.service/testcred
--8<---------------cut here---------------end--------------->8---


%sudo systemctl start test1.service
%sudo systemctl start test2.service
%journalctl -xe -u test2.service #shows

--8<---------------cut here---------------start------------->8---
Jul 04 21:01:56 alfa systemd[1]: Started test2.service - Test service reading credential.
░░ Subject: A start job for unit test2.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ A start job for unit test2.service has finished successfully.
░░ 
░░ The job identifier is 63736.
Jul 04 21:01:56 alfa cat[3503936]: qqrq
Jul 04 21:01:56 alfa systemd[1]: test2.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ The unit test2.service has successfully entered the 'dead' state.
--8<---------------cut here---------------end--------------->8---

Moreover:
--8<---------------cut here---------------start------------->8---
%sudo cat /run/credentials/test1.service/testcred
qqrq
--8<---------------cut here---------------end--------------->8---

Why do the host and test2.service have access to test1's credential?
What am I missing?

KJ

-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html


