core: add new per-unit setting KeyringMode= for controlling kernel keyring setup

Usually, it's a good thing that we isolate the kernel session keyring
for the various services and disconnect them from the user keyring.
However, in case of the cryptsetup key caching we actually want that
multiple instances of the cryptsetup service can share the keys in the
root user's user keyring, hence we need to be able to disable this logic
for them.

This adds KeyringMode=inherit|private|shared:

    inherit: don't do any keyring magic (this is the default in elogind --user)
    private: a private keyring as before (default in elogind --system)
    shared: the new setting

diff --git a/src/basic/missing.h b/src/basic/missing.h
index 2581920a812963ba7f2042b2cf08e57b8e02c09e..4007e10a5b05a693cc32be74f4d6e248cb30c21b 100644 (file)
--- a/src/basic/missing.h
+++ b/src/basic/missing.h
@@ -1137,6 +1137,10 @@ typedef int32_t key_serial_t;
 #define KEYCTL_DESCRIBE 6
 #endif
 
+#ifndef KEYCTL_LINK
+#define KEYCTL_LINK 8
+#endif
+
 #ifndef KEYCTL_READ
 #define KEYCTL_READ 11
 #endif