core: link user session keyring to session keyring

eworm-de · eworm-de · commit b1d4ff7708b1 · 2017-07-04T22:37:20.000+02:00
Commit 74dd6b5 (core: run each system service with a fresh session keyring) broke adding keys to default keyrings. Added keys could not be accessed with error message: keyctl_read_alloc: Permission denied Commit 437a851 (core: link user keyring to session keyring (systemd#6275)) fixed this for the user keyring. Link the user session keyring as well.
diff --git a/src/core/execute.c b/src/core/execute.c
@@ -2100,12 +2100,17 @@ static int setup_keyring(Unit *u, const ExecParameters *p, uid_t uid, gid_t gid)
         }
 
         /* Having our own session keyring is nice, but results in keys added
-         * to the user keyring being inaccessible with permission denied.
-         * So link the user keyring to our session keyring. */
+         * to the user and user session keyring being inaccessible with
+         * permission denied.
+         * So link the keyrings to our session keyring. */
         if (keyctl(KEYCTL_LINK,
                    KEY_SPEC_USER_KEYRING,
                    keyring,  0, 0) < 0)
                 return log_debug_errno(errno, "Failed to link user keyring to session keyring.");
+        if (keyctl(KEYCTL_LINK,
+                   KEY_SPEC_USER_SESSION_KEYRING,
+                   keyring,  0, 0) < 0)
+                return log_debug_errno(errno, "Failed to link user session keyring to session keyring.");
 
         /* Populate they keyring with the invocation ID by default. */
         if (!sd_id128_is_null(u->invocation_id)) {
