From 36c6c696a78d9339ad415a3ad6bdd5f22c2140f2 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 30 Oct 2024 23:45:38 +0100 Subject: ask-password: Add $SYSTEMD_ASK_PASSWORD_KEYRING_TYPE Currently ask_password_auto() will always try to store the password into the user keyring. Let's make this configurable so that we can configure ask_password_auto() into the session keyring. This is required when working with user namespaces, as the user keyring is namespaced by user namespaces which makes it impossible to share cached keys across user namespaces by using the user namespace while this is possible with the session keyring. --- docs/ENVIRONMENT.md | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'docs') diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md index b0b30949fb..30c987f834 100644 --- a/docs/ENVIRONMENT.md +++ b/docs/ENVIRONMENT.md @@ -743,3 +743,8 @@ Tools using the Varlink protocol (such as `varlinkctl`) or sd-bus (such as If unset, the default expiration of 150 seconds is used. If set to `0`, keys are not cached in the kernel keyring. If set to `infinity`, keys are cached without an expiration time in the kernel keyring. + +* `SYSTEMD_ASK_PASSWORD_KEYRING_TYPE` - takes a keyring ID or one of `thread`, + `process`, `session`, `user`, `user-session`, or `group`. Controls the kernel + keyring in which `systemd-ask-password` caches the queried password. Defaults + to `user`. -- cgit v1.2.3
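Review bot: The new `SYSTEMD_ASK_PASSWORD_KEYRING_TYPE` entry lists the accepted values but never says what the choice means for who can read the cached password, which is the reason the commit message gives for adding the option. According to the commit message, the user keyring is namespaced by user namespaces while the session keyring allows cached keys to be shared across them, so moving away from the default widens the set of processes that can reach the password; the entry should state that trade-off next to "Defaults to `user`". The entry should also say what happens when the value is neither a valid keyring ID nor one of the listed names (fall back to `user`, or fail), and note that the setting has no effect when the expiration described in the context lines above is `0`, since keys are then not cached in the kernel keyring at all. The commit message names `ask_password_auto()` while the doc text names only `systemd-ask-password`; if other callers honour the variable too, the wording should reflect that.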