Diffstat (limited to 'security/keyring.go')
-rw-r--r--security/keyring.go19
1 files changed, 17 insertions, 2 deletions
diff --git a/security/keyring.go b/security/keyring.go
index f75b189..ef56364 100644
--- a/security/keyring.go
+++ b/security/keyring.go
@@ -141,6 +141,13 @@ func getUserKeyringID() (int, error) {
}
keyringID := int(parsedID)
+ // For some stupid reason, a thread does not automaticaly "possess" keys
+ // in the user keyring. So we link it into the process keyring so that
+ // we will not get "permission denied" when purging or modifying keys.
+ if err := keyringLink(keyringID, unix.KEY_SPEC_PROCESS_KEYRING); err != nil {
+ return 0, err
+ }
+
keyringIDCache[euid] = keyringID
return keyringID, nil
}
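Review bot: The added `keyringLink(keyringID, unix.KEY_SPEC_PROCESS_KEYRING)` call is never paired with an unlink, so the user keyring stays reachable from the process keyring for as long as that keyring exists. `keyringIDCache` is keyed by `euid`, which suggests getUserKeyringID can run under more than one effective UID; if so, a link made under one UID would presumably keep granting possession of that user's keys after the process switches UID, and that is worth confirming against the callers. The comment would also be more useful if it stated the rule instead of "some stupid reason", for example `// A key is only "possessed" when reachable from the thread, process or session keyring; the user keyring is not unless linked into one of them.` The body of getUserKeyringID starts outside this hunk, so how `euid` is obtained is not visible here.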
@@ -151,11 +158,19 @@ func getUserKeyringID() (int, error) {
func keyringLink(keyID int, keyringID int) error {
_, err := unix.KeyctlInt(unix.KEYCTL_LINK, keyID, keyringID, 0, 0)
log.Printf("KeyctlLink(%d, %d) = %v", keyID, keyringID, err)
- return errors.Wrap(ErrKeyringLink, err.Error())
+
+ if err != nil {
+ return errors.Wrap(ErrKeyringLink, err.Error())
+ }
+ return err
}
func keyringUnlink(keyID int, keyringID int) error {
_, err := unix.KeyctlInt(unix.KEYCTL_UNLINK, keyID, keyringID, 0, 0)
log.Printf("KeyctlUnlink(%d, %d) = %v", keyID, keyringID, err)
- return errors.Wrap(ErrKeyringUnlink, err.Error())
+
+ if err != nil {
+ return errors.Wrap(ErrKeyringUnlink, err.Error())
+ }
+ return err
}
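Review bot: The trailing `return err` in both keyringLink and keyringUnlink is reached only when err is nil, so `return nil` would state the success path directly and avoid suggesting that an error can escape unwrapped. Separately, assuming `errors.Wrap` here takes an error and a message string, `errors.Wrap(ErrKeyringLink, err.Error())` keeps the errno only as text, so a caller cannot distinguish a permission failure from a missing or revoked key without string matching. If any caller needs that distinction, wrapping the original error with the sentinel's message would preserve it. A short doc comment on each function, such as `// keyringLink links keyID into keyringID; it returns ErrKeyringLink (wrapped) on failure.`, would make the error contract explicit.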