kafs-client (recent strangeness of with add_key)
Chaskiel Grundman
cgrundman at gmail.com
Tue May 31 07:24:28 PDT 2022
The KEY_SPEC_USER_SESSION_KEYRING exists to be the fallback
KEY_SPEC_SESSION_KEYRING.
>From user-session-keyring.7:
> The user session keyring is created on demand when a thread requests it or when a thread asks for its session-keyring(7) and that keyring doesn't exist. In the latter case, a user session keyring will be created and, ***if the session keyring wasn't to be created, the user session keyring will be set as the process's actual session keyring***
You can try it yourself, with keyctl show
Compare
keyctl show @s
keyctl show @us
and keyctl session -- keyctl show @s
the strace shows (session present)
keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_SESSION_KEYRING, 0) = 66825801
keyctl(KEYCTL_DESCRIBE, 66825801, NULL, 0) = 32
keyctl(KEYCTL_DESCRIBE, 66825801, "keyring;1000;1000;3f030000;_ses", 32) = 32
vs (session not present)
keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_SESSION_KEYRING, 0) = 634641843
keyctl(KEYCTL_DESCRIBE, 634641843, NULL, 0) = 42
keyctl(KEYCTL_DESCRIBE, 634641843,
"keyring;1000;65534;1f3f0000;_uid"..., 42) = 42
More information about the linux-afs
mailing list