ecryptfs team mailing list archive

[Bug 400484] Re: unable to show the contents of my kernel keyring

 

> kirkland@t61p:~$ keyctl show
>  Session Keyring
>         -3 --alswrv 1000 -1 keyring: _uid_ses.1000
>  698440950 --alswrv 1000 -1 \_ keyring: _uid.1000
>  575594151 --alswrv 1000 0 \_ user: 67354f2e3a6c1216
>  940463712 --alswrv 1000 0 \_ user: 1cb12fd405033223

Interesting.  You shouldn't have seen this at all.  PAM should have
given you your own session keyring when you logged in, which should be
called "_ses".  "_uid_ses.<UID>" is the backup session keyring you fall
back to if you don't get a session keyring for some reason.

PAM (pam_keyinit.so) should then make a link to the user keyring in the
session keyring.  This is done in userspace, not in the kernel.

Can you try stracing "su - kirkland" from root?  I see:

keyctl(0x1, 0, 0xffffffffffffffff, 0xfcb, 0) = 355497645
keyctl(0x8, 0xfffffffc, 0xfffffffd, 0, 0x1132700) = 0

which is KEYCTL_JOIN_SESSION_KEYRING followed by KEYCTL_LINK.

David

-- 
unable to show the contents of my kernel keyring
https://bugs.launchpad.net/bugs/400484
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” package in Ubuntu: Fix Released
Status in “keyutils” package in Ubuntu: New
Status in “linux” package in Ubuntu: In Progress

Bug description:
Running the command:
 $ keyctl show

I should see something like the following:
kirkland@t61p:~$ keyctl show
Session Keyring
       -3 --alswrv   1000    -1  keyring: _uid_ses.1000
698440950 --alswrv   1000    -1   \_ keyring: _uid.1000
575594151 --alswrv   1000     0       \_ user: 67354f2e3a6c1216
940463712 --alswrv   1000     0       \_ user: 1cb12fd405033223

And this is true, if I run the Jaunty 2.6.28 kernel on Karmic.

However, this is completely broken with the 2.6.31 Karmic kernel.

kirkland@x200:~$ keyctl show
Session Keyring
       -3 --alswrv   1000  1000  keyring: _ses


Major regression.  Hoses ecryptfs, which relies on keyutils.

:-Dustin

ProblemType: Bug
Architecture: amd64
Date: Thu Jul 16 21:32:48 2009
DistroRelease: Ubuntu 9.10
MachineType: LENOVO 7454CTO
Package: linux-image-2.6.31-3-generic 2.6.31-3.19
ProcCmdLine: root=UUID=d45ce184-de1d-48ac-a143-44ab4432a207 ro quiet splash
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-3.19-generic
RelatedPackageVersions: linux-backports-modules-2.6.31-3-generic N/A
SourcePackage: linux
Uname: Linux 2.6.31-3-generic x86_64
dmi.bios.date: 04/22/2009
dmi.bios.vendor: LENOVO
dmi.bios.version: 6DET44WW (2.08 )
dmi.board.name: 7454CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr6DET44WW(2.08):bd04/22/2009:svnLENOVO:pn7454CTO:pvrThinkPadX200:rvnLENOVO:rn7454CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 7454CTO
dmi.product.version: ThinkPad X200
dmi.sys.vendor: LENOVO
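
Added example (not part of the original message and not pam_keyinit's code): a small Python decoder for raw strace keyctl lines such as the two quoted in the reply above, which checks for the join-then-link sequence the reply describes. The operation numbers and special key serials are those in <linux/keyctl.h>; the function names are made up for this example, and it assumes strace printed the arguments numerically.

```python
import re

# keyctl(2) operation numbers from <linux/keyctl.h> (subset)
KEYCTL_OPS = {0: "KEYCTL_GET_KEYRING_ID", 1: "KEYCTL_JOIN_SESSION_KEYRING",
              8: "KEYCTL_LINK", 9: "KEYCTL_UNLINK", 11: "KEYCTL_READ"}
# Special key serials (negative 32-bit values) from <linux/keyctl.h>
SPECIAL_KEYS = {-1: "KEY_SPEC_THREAD_KEYRING", -2: "KEY_SPEC_PROCESS_KEYRING",
                -3: "KEY_SPEC_SESSION_KEYRING", -4: "KEY_SPEC_USER_KEYRING",
                -5: "KEY_SPEC_USER_SESSION_KEYRING"}
USER_TO_SESSION = "link KEY_SPEC_USER_KEYRING into KEY_SPEC_SESSION_KEYRING"
CALL_RE = re.compile(r"keyctl\(([^)]*)\)\s*=\s*(-?\w+)")

def serial(token):
    """Interpret a strace argument as a signed 32-bit key serial."""
    value = int(token, 0) & 0xFFFFFFFF
    return value - (1 << 32) if value & 0x80000000 else value

def name(ser):
    return SPECIAL_KEYS.get(ser, str(ser))

def decode(line):
    """Return (op_name, detail, retval) for one raw strace keyctl line, or None."""
    m = CALL_RE.search(line)
    if not m:
        return None
    args = [a.strip() for a in m.group(1).split(",")]
    op = KEYCTL_OPS.get(int(args[0], 0), "op %s" % args[0])
    ret = int(m.group(2), 0)
    if op == "KEYCTL_LINK":
        detail = "link %s into %s" % (name(serial(args[1])), name(serial(args[2])))
    elif op == "KEYCTL_JOIN_SESSION_KEYRING":
        # A NULL name asks the kernel for a new anonymous session keyring
        detail = "new anonymous session keyring" if args[1] in ("0", "NULL") else "named keyring"
    else:
        detail = ""
    return op, detail, ret

def pam_keyinit_sequence_ok(lines):
    """True if a successful join is later followed by a successful user->session link."""
    joined = False
    for op, detail, ret in filter(None, map(decode, lines)):
        if op == "KEYCTL_JOIN_SESSION_KEYRING" and ret > 0:
            joined = True
        elif joined and ret == 0 and detail == USER_TO_SESSION:
            return True
    return False

# The two strace lines quoted in the reply above
TRACE = ["keyctl(0x1, 0, 0xffffffffffffffff, 0xfcb, 0) = 355497645",
         "keyctl(0x8, 0xfffffffc, 0xfffffffd, 0, 0x1132700) = 0"]
```

Feeding it the keyctl lines from "strace su - <user>" shows whether the session keyring was created and the user keyring linked into it; a missing or failed KEYCTL_LINK is consistent with a "_ses" keyring that has no "_uid.<UID>" entry under it.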
