From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 14 Sep 2017 19:19:05 +0000 (+0200)
Subject: core: add new per-unit setting KeyringMode= for controlling kernel keyring setup
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=b8cf404aa0d2ad5826884fc03248f405ee91305e;p=elogind.git

core: add new per-unit setting KeyringMode= for controlling kernel keyring setup

Usually, it's a good thing that we isolate the kernel session keyring
for the various services and disconnect them from the user keyring.
However, in case of the cryptsetup key caching we actually want that
multiple instances of the cryptsetup service can share the keys in the
root user's user keyring, hence we need to be able to disable this logic
for them.

This adds KeyringMode=inherit|private|shared:

    inherit: don't do any keyring magic (this is the default in elogind --user)
    private: a private keyring as before (default in elogind --system)
    shared: the new setting
---

diff --git a/src/basic/missing.h b/src/basic/missing.h
index 2581920a8..4007e10a5 100644
--- a/src/basic/missing.h
+++ b/src/basic/missing.h
@@ -1137,6 +1137,10 @@ typedef int32_t key_serial_t;
 #define KEYCTL_DESCRIBE 6
 #endif
 
+#ifndef KEYCTL_LINK
+#define KEYCTL_LINK 8
+#endif
+
 #ifndef KEYCTL_READ
 #define KEYCTL_READ 11
 #endif