Mailinglist Archive: opensuse-bugs (4751 mails)

< Previous Next >
[Bug 1045886] ecryptfs problems with recent Tumbleweed
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 10 Jul 2017 13:41:33 +0000
  • Message-id: <bug-1045886-21960-WlXXbMBUeT@http.bugzilla.novell.com/>
http://bugzilla.novell.com/show_bug.cgi?id=1045886
http://bugzilla.novell.com/show_bug.cgi?id=1045886#c33

--- Comment #33 from Franck Bui <fbui@xxxxxxxx> ---
To sum up my current understanding: the kernel keyring stuff is currently not
integrated in the PAM config used by (open)SUSE (the user session keyring is
used as the session keyring).

systemd, with 74dd6b515fa968c5710b39 commit, doesn't make any distinction
between service when it creates a session keyring (which is not linked to the
user keyring) for each service. Therefore services related to user login (sshd,
DM, ...) will be started with a wrong session keyring and this one will be used
and shared by all their process children.

For now a change which consists in disabling 74dd6b515fa968c5710b39 commit has
been submitted.

But it would be better if we could integrate pam_keyinit.so in the PAM setup so
we can restore the reverted feature.

Does that sound correct ?

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >