Dinesh Prasanth Moluguwan Krishnamoorthy
2018-12-06 03:11:30 UTC
I'm working on accessing the kernel keyring in my application started using
The list of steps I'm doing:
1. Starting a systemd service with `KeyringMode=shared` as a SPECIFIC
2. In the `ExecStartPre`, I'm launching a subprocess that invokes
`systemd-ask-password` to accept the input and store it in the USER's
3. In the main program started using `ExecStart`, I'm accessing the
value stored in the keyring
I'm able to access the values from my main program -- everything works
as expected! When I try to log in as that specific user and do a `keyctl
show @u`, I find the entry.
However, when I try to do `keyctl print <keyID>`, it throws a "Permission
Denied" error. IIUC, this protects the keys in the keyring from
being accessed outside the systemd service. Is it the desired behaviour?
I have the sample systemd unit file available in .
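
An added example, not part of the original message: a simplified model of the kernel key permission mask from keyrings(7), showing how a key can be visible (view) to its owning user while its payload (read) is only granted to a possessor. The mask `0x3f010000` and uid/gid 1000 are constructed sample values, and whether a given session possesses the key is an input here, not something determined from the post.

```python
"""Decode a Linux key permission mask and evaluate an access request.

Simplified model of the mask check described in keyrings(7); it ignores
LSM policy and other kernel special cases.
"""

# Permission bits inside each 8-bit field of the 32-bit mask.
BITS = {"view": 0x01, "read": 0x02, "write": 0x04,
        "search": 0x08, "link": 0x10, "setattr": 0x20}
# Bit offset of each subject's field.
SHIFTS = {"possessor": 24, "user": 16, "group": 8, "other": 0}


def decode(mask):
    """Return {subject: sorted permission names} for a 32-bit mask."""
    return {subj: sorted(n for n, b in BITS.items() if (mask >> sh) & b)
            for subj, sh in SHIFTS.items()}


def render(mask):
    """Render the mask in the 'alswrv' letter style used by keyctl describe."""
    order = [("setattr", "a"), ("link", "l"), ("search", "s"),
             ("write", "w"), ("read", "r"), ("view", "v")]
    return "".join(ch if (mask >> sh) & BITS[name] else "-"
                   for sh in SHIFTS.values() for name, ch in order)


def effective(mask, *, key_uid, key_gid, uid, gids, possessed):
    """Permission bits the caller holds: one of user/group/other, plus
    the possessor field when the caller possesses the key."""
    if uid == key_uid:
        bits = (mask >> SHIFTS["user"]) & 0x3F
    elif key_gid in gids:
        bits = (mask >> SHIFTS["group"]) & 0x3F
    else:
        bits = mask & 0x3F
    if possessed:
        bits |= (mask >> SHIFTS["possessor"]) & 0x3F
    return bits


def allowed(need, mask, **caller):
    """True if the caller holds the named permission on the key."""
    return bool(effective(mask, **caller) & BITS[need])


# Constructed sample: possessor has every right, owning user has view only.
SAMPLE_MASK = 0x3F010000
OWNER = dict(key_uid=1000, key_gid=1000, uid=1000, gids={1000})

if __name__ == "__main__":
    print(render(SAMPLE_MASK), decode(SAMPLE_MASK))
    for possessed in (True, False):
        print(possessed, {n: allowed(n, SAMPLE_MASK, possessed=possessed, **OWNER)
                          for n in ("view", "read")})
```

On a real system, compare the output of `keyctl describe <keyID>` with `render()` to see which field grants read.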