author | Lennart Poettering <lennart@poettering.net> | 2016-12-02 01:54:41 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-12-13 20:59:10 +0100 |
commit | 74dd6b515fa968c5710b396a7664cac335e25ca8 (patch) | |
tree | 4aa9a78c228ce5e2833e2b3ed0bbee931895f653 /src/basic/exit-status.c | |
parent | Merge pull request #4877 from evverx/fix-machine-id (diff) | |

core: run each system service with a fresh session keyring

This patch ensures that each system service gets its own session kernel keyring
automatically, and implicitly. Without this a keyring is allocated for it
on-demand, but is then linked with the user's kernel keyring, which is OK
behaviour for logged in users, but not so much for system services.

With this change each service gets a session keyring that is specific to the
service and ceases to exist when the service is shut down. The session keyring
is not linked up with the user keyring and keys hence only search within the
session boundaries by default.

(This is useful in a later commit to store per-service material in the keyring,
for example the invocation ID)

(With input from David Howells)

Diffstat (limited to 'src/basic/exit-status.c')
-rw-r--r-- | src/basic/exit-status.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/basic/exit-status.c b/src/basic/exit-status.c index 59557f8afe..1e23c32c3f 100644 --- a/src/basic/exit-status.c +++ b/src/basic/exit-status.c @@ -148,6 +148,9 @@ const char* exit_status_to_string(int status, ExitStatusLevel level) { case EXIT_SMACK_PROCESS_LABEL: return "SMACK_PROCESS_LABEL"; + + case EXIT_KEYRING: + return "KEYRING"; } } |
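
Review bot: The `case EXIT_KEYRING:` added at the end of the switch in `exit_status_to_string()` relies on an enum value whose definition is not visible in this view, since the diffstat is limited to `src/basic/exit-status.c`. Please confirm in the header that `EXIT_KEYRING` is appended after `EXIT_SMACK_PROCESS_LABEL` rather than inserted earlier, so the numeric values of the existing exit statuses, which already appear in logs and unit status output, do not shift. Since `"KEYRING"` is the only thing an operator will see when session keyring setup fails for a service, it would also help to document the new status wherever the other service exit statuses are described, with a pointer to the keyring setup step it corresponds to.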