Comment # 28 on bug 1045886 from
(In reply to Andrei Borzenkov from comment #6)
> 2. Now let's look at keyrings immediately after logon
> 
> bor@10:~> : Before ecryptfs-setup
> bor@10:~> cat /proc/keys
> 023c3b10 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
> 05088f05 I--Q---    88 perm 3f030000     0     0 keyring   _ses: 1
> 2344184f I--Q---    41 perm 3f030000  1000   100 keyring   _ses: 1
> bor@10:~> keyctl show -x @s
> Keyring
> 0x05088f05 --alswrv      0     0  keyring: _ses
> 0x023c3b10 ----s-rv      0     0   \_ user: invocation_id
> 
> Note - our session keyring is owned by user 0!!! So it is the one inherited
> from systemd service. (Heck, is there any way to list session keyrings for
> each process?)

I don't see why the session keyring is owned by root here. The ownership is
supposed to be changed here:

  https://github.com/systemd/systemd/blob/master/src/core/execute.c#L2127

It looks like for some reason KEYCTL_CHOWN doesn't work...


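The ownership check discussed in this comment can be scripted. The following is an added example, not part of the original comment or of systemd: it correlates the top keyring from `keyctl show -x @s` with its `/proc/keys` row and reports the owner and per-class rights. The function names are hypothetical, the sample input is constructed from the listings quoted above, and login UID 1000 is assumed from the third `/proc/keys` row.

```python
import re
from typing import NamedTuple

# Constructed sample input: the two listings quoted in the comment above.
PROC_KEYS = """\
023c3b10 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
05088f05 I--Q---    88 perm 3f030000     0     0 keyring   _ses: 1
2344184f I--Q---    41 perm 3f030000  1000   100 keyring   _ses: 1
"""
KEYCTL_SHOW = """\
Keyring
0x05088f05 --alswrv      0     0  keyring: _ses
0x023c3b10 ----s-rv      0     0   \\_ user: invocation_id
"""

class Key(NamedTuple):
    serial: int
    perm: int
    uid: int
    gid: int
    ktype: str
    desc: str

def parse_proc_keys(text):
    """Map serial -> Key. Columns: serial flags usage expiry perm uid gid type desc."""
    keys = {}
    for line in text.splitlines():
        f = line.split(None, 8)
        if len(f) == 9:
            key = Key(int(f[0], 16), int(f[4], 16), int(f[5]), int(f[6]), f[7], f[8])
            keys[key.serial] = key
    return keys

def session_keyring(proc_keys, keyctl_show):
    """Return the /proc/keys entry for the top keyring printed by `keyctl show -x @s`."""
    top = re.search(r"^0x([0-9a-f]+)\s", keyctl_show, re.M)
    return parse_proc_keys(proc_keys)[int(top.group(1), 16)]

def decode_perm(perm):
    """Split the 32-bit mask into per-class rights, lettered as keyctl prints them."""
    bits = list(zip("alswrv", (0x20, 0x10, 0x08, 0x04, 0x02, 0x01)))
    out = {}
    for shift, who in ((24, "possessor"), (16, "user"), (8, "group"), (0, "other")):
        byte = (perm >> shift) & 0xFF
        out[who] = "".join(c if byte & b else "-" for c, b in bits)
    return out

def owner_mismatch(proc_keys, keyctl_show, login_uid):
    """True when the session keyring is owned by a UID other than login_uid."""
    return session_keyring(proc_keys, keyctl_show).uid != login_uid

if __name__ == "__main__":
    key = session_keyring(PROC_KEYS, KEYCTL_SHOW)
    print(f"{key.serial:08x} uid={key.uid}", decode_perm(key.perm),
          "MISMATCH" if owner_mismatch(PROC_KEYS, KEYCTL_SHOW, 1000) else "ok")
```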