Revert "core: link user keyring to session keyring (#6275)" (#6342)
authorLennart Poettering <lennart@poettering.net>
Wed, 12 Jul 2017 14:00:44 +0000 (16:00 +0200)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 12 Jul 2017 14:00:43 +0000 (10:00 -0400)
This reverts commit 437a85112e02042b62751395b9e7225628c1b708.

The outcome of this isn't that clear, so let's revert it for now; see the
discussion on #6286.

src/basic/missing.h
src/core/execute.c

index 66aee40..7830a4f 100644 (file)
@@ -1102,10 +1102,6 @@ typedef int32_t key_serial_t;
 #define KEYCTL_DESCRIBE 6
 #endif
 
-#ifndef KEYCTL_LINK
-#define KEYCTL_LINK 8
-#endif
-
 #ifndef KEYCTL_READ
 #define KEYCTL_READ 11
 #endif
index 643a209..d72e5bf 100644 (file)
@@ -2099,14 +2099,6 @@ static int setup_keyring(Unit *u, const ExecParameters *p, uid_t uid, gid_t gid)
                 return 0;
         }
 
-        /* Having our own session keyring is nice, but results in keys added
-         * to the user keyring being inaccessible with permission denied.
-         * So link the user keyring to our session keyring. */
-        if (keyctl(KEYCTL_LINK,
-                   KEY_SPEC_USER_KEYRING,
-                   keyring,  0, 0) < 0)
-                return log_debug_errno(errno, "Failed to link user keyring to session keyring.");
-
         /* Populate they keyring with the invocation ID by default. */
         if (!sd_id128_is_null(u->invocation_id)) {
                 key_serial_t key;