From 50256fab010adfde1b349160460659fb03d8c8ac Mon Sep 17 00:00:00 2001
From: "Joe Richey joerichey@google.com" <joerichey@google.com>
Date: Tue, 22 Aug 2017 11:32:03 -0700
Subject: security: Fixed typo and improved error handling

---
 security/keyring.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'security/keyring.go')

diff --git a/security/keyring.go b/security/keyring.go
index e312df2..f75b189 100644
--- a/security/keyring.go
+++ b/security/keyring.go
@@ -95,7 +95,7 @@ var keyringIDCache = make(map[int]int)
 // simpler approach would be to use
 //     unix.KeyctlGetKeyringID(unix.KEY_SPEC_USER_KEYRING, false)
 // which would work in almost all cases. However, despite the fact that the rest
-// of the keyrings API using the _effective_ UID throughout, the translation of
+// of the keyrings API uses the _effective_ UID throughout, the translation of
 // KEY_SPEC_USER_KEYRING is done with respect to the _real_ UID. This means that
 // a simpler implementation would not respect permissions dropping.
 func getUserKeyringID() (int, error) {
@@ -150,10 +150,12 @@ func getUserKeyringID() (int, error) {
 
 func keyringLink(keyID int, keyringID int) error {
 	_, err := unix.KeyctlInt(unix.KEYCTL_LINK, keyID, keyringID, 0, 0)
-	return errors.Wrapf(err, "linking key %d into keyring %d", keyID, keyringID)
+	log.Printf("KeyctlLink(%d, %d) = %v", keyID, keyringID, err)
+	return errors.Wrap(ErrKeyringLink, err.Error())
 }
 
 func keyringUnlink(keyID int, keyringID int) error {
 	_, err := unix.KeyctlInt(unix.KEYCTL_UNLINK, keyID, keyringID, 0, 0)
-	return errors.Wrapf(err, "unlinking key %d from keyring %d", keyID, keyringID)
+	log.Printf("KeyctlUnlink(%d, %d) = %v", keyID, keyringID, err)
+	return errors.Wrap(ErrKeyringUnlink, err.Error())
 }
-- 
cgit v1.3