From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 12 Jul 2017 14:00:44 +0000 (+0200)
Subject: Revert "core: link user keyring to session keyring (#6275)" (#6342)
X-Git-Tag: v234~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=782c925f7fa2e6e716ca9ac901954f3349d07ad8;p=thirdparty%2Fsystemd.git

Revert "core: link user keyring to session keyring (#6275)" (#6342)

This reverts commit 437a85112e02042b62751395b9e7225628c1b708.

The outcome of this isn't that clear, let's revert this for now, see
discussion on #6286.
---

diff --git a/src/basic/missing.h b/src/basic/missing.h
index 66aee406322..7830a4f415b 100644
--- a/src/basic/missing.h
+++ b/src/basic/missing.h
@@ -1102,10 +1102,6 @@ typedef int32_t key_serial_t;
 #define KEYCTL_DESCRIBE 6
 #endif
 
-#ifndef KEYCTL_LINK
-#define KEYCTL_LINK 8
-#endif
-
 #ifndef KEYCTL_READ
 #define KEYCTL_READ 11
 #endif
diff --git a/src/core/execute.c b/src/core/execute.c
index 643a209af72..d72e5bf08c4 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2099,14 +2099,6 @@ static int setup_keyring(Unit *u, const ExecParameters *p, uid_t uid, gid_t gid)
                 return 0;
         }
 
-        /* Having our own session keyring is nice, but results in keys added
-         * to the user keyring being inaccessible with permission denied.
-         * So link the user keyring to our session keyring. */
-        if (keyctl(KEYCTL_LINK,
-                   KEY_SPEC_USER_KEYRING,
-                   keyring,  0, 0) < 0)
-                return log_debug_errno(errno, "Failed to link user keyring to session keyring.");
-
         /* Populate they keyring with the invocation ID by default. */
         if (!sd_id128_is_null(u->invocation_id)) {
                 key_serial_t key;