--- Comment #33 from Franck Bui <fbui(a)suse.com> ---
To sum up my current understanding: the kernel keyring stuff is currently not
integrated in the PAM config used by (open)SUSE (the user session keyring is
used as the session keyring).
systemd, with 74dd6b515fa968c5710b39 commit, doesn't make any distinction
between service when it creates a session keyring (which is not linked to the
user keyring) for each service. Therefore services related to user login (sshd,
DM, ...) will be started with a wrong session keyring and this one will be used
and shared by all their process children.
For now a change which consists in disabling 74dd6b515fa968c5710b39 commit has
But it would be better if we could integrate pam_keyinit.so in the PAM setup so
we can restore the reverted feature.
Does that sound correct ?
You are receiving this mail because:
You are on the CC list for the bug.