Commit
74dd6b515fa968c5710b396a7664cac335e25ca8 (core: run each system
service with a fresh session keyring) broke adding keys to user keyring.
Added keys could not be accessed with error message:
keyctl_read_alloc: Permission denied
So link the user keyring to our session keyring.
#define KEYCTL_DESCRIBE 6
#endif
+#ifndef KEYCTL_LINK
+#define KEYCTL_LINK 8
+#endif
+
#ifndef KEYCTL_READ
#define KEYCTL_READ 11
#endif
return 0;
}
+ /* Having our own session keyring is nice, but results in keys added
+ * to the user keyring being inaccessible with permission denied.
+ * So link the user keyring to our session keyring. */
+ if (keyctl(KEYCTL_LINK,
+ KEY_SPEC_USER_KEYRING,
+ keyring, 0, 0) < 0)
+ return log_debug_errno(errno, "Failed to link user keyring to session keyring.");
+
/* Populate they keyring with the invocation ID by default. */
if (!sd_id128_is_null(u->invocation_id)) {
key_serial_t key;