author: Daan De Meyer <daan.j.demeyer@gmail.com> 2024-10-30 23:45:38 +0100
committer: Daan De Meyer <daan.j.demeyer@gmail.com> 2024-11-02 23:20:57 +0100
commit: 36c6c696a78d9339ad415a3ad6bdd5f22c2140f2
tree: fccb3120b125cb654e39bb5c17f9cbcd9c67115f /docs
parent: ask-password: Drop "default" for SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC
ask-password: Add $SYSTEMD_ASK_PASSWORD_KEYRING_TYPE
Currently ask_password_auto() will always try to store the password into the user keyring. Let's make this configurable so that we can configure ask_password_auto() into the session keyring. This is required when working with user namespaces, as the user keyring is namespaced by user namespaces which makes it impossible to share cached keys across user namespaces by using the user namespace while this is possible with the session keyring.
Diffstat (limited to 'docs')
-rw-r--r-- docs/ENVIRONMENT.md 5
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index b0b30949fb..30c987f834 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -743,3 +743,8 @@ Tools using the Varlink protocol (such as `varlinkctl`) or sd-bus (such as
If unset, the default expiration of 150 seconds is used. If set to `0`, keys are
not cached in the kernel keyring. If set to `infinity`, keys are cached without an
expiration time in the kernel keyring.
+
+* `SYSTEMD_ASK_PASSWORD_KEYRING_TYPE` - takes a keyring ID or one of `thread`,
+ `process`, `session`, `user`, `user-session`, or `group`. Controls the kernel
+ keyring in which `systemd-ask-password` caches the queried password. Defaults
+ to `user`.
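Review bot: The added `SYSTEMD_ASK_PASSWORD_KEYRING_TYPE` bullet lists the accepted values but gives a reader no basis for choosing one, and the choice decides which processes can read the cached password. The commit message has the key fact (the user keyring is namespaced by user namespaces, the session keyring can be shared across them); a sentence to that effect belongs in the entry itself, since ENVIRONMENT.md is what people will read. The bullet should also say what form a "keyring ID" takes and what happens when the value is not recognized (fall back to `user`, or fail), and note that the setting is moot when the timeout described in the preceding entry is `0`, because nothing is cached in that case.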