- Drop 0011-core-disable-session-keyring-per-system-sevice-entir.patch

Since bsc#1081947 has been addressed, we can attempt to re-enable private
  session kernel keyring for each system service hence each service gets a
  session keyring that is specific to the service.

OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1278

0011-core-disable-session-keyring-per-system-sevice-entir.patch

@@ -1,45 +0,0 @@
-From 67f3fa5aa2781d42c809da9303f81b28544824d8 Mon Sep 17 00:00:00 2001
-From: Franck Bui <fbui@suse.com>
-Date: Thu, 6 Jul 2017 15:48:10 +0200
-Subject: [PATCH 10/11] core: disable session keyring per system sevice
- entirely for now
-
-Until PAM module "pam_keyinit" is fully integrated in SUSE's PAM stack, this
-feature has to be disabled.
-
-openSUSE is still not ready for enabling the keyring stuff (see
-bsc#1081947). Some services got fixed (sshd, getty@.service) but some still
-haven't (xdm, login, ...)
-
-So leave it disabled again otherwise different users might end up using the
-same session keyring - the one created for the service used for logging in
-(sshd, getty@.service, xdm, etc...)
-
-The integration of pam_keyinit is tracked here:
-https://bugzilla.opensuse.org/show_bug.cgi?id=1081947
-
-See also:
-https://github.com/systemd/systemd/pull/6286
-
-[fbui: fixes boo#1045886]
----
- src/core/execute.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/core/execute.c b/src/core/execute.c
-index 2a337b55a2..b5a1a3b6e5 100644
---- a/src/core/execute.c
-+++ b/src/core/execute.c
-@@ -3356,6 +3356,9 @@ static int setup_keyring(
-         assert(context);
-         assert(p);
- 
-+        /* SUSE: pam_keyinit is still not fully integrated to SUSE's PAM stack... */
-+        return 0;
-+
-         /* Let's set up a new per-service "session" kernel keyring for each system service. This has the benefit that
-          * each service runs with its own keyring shared among all processes of the service, but with no hook-up beyond
-          * that scope, and in particular no link to the per-UID keyring. If we don't do this the keyring will be
--- 
-2.26.2
-

systemd.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Apr 19 11:17:03 UTC 2022 - Franck Bui <fbui@suse.com>
+
+- Drop 0011-core-disable-session-keyring-per-system-sevice-entir.patch
+
+  Since bsc#1081947 has been addressed, we can attempt to re-enable private
+  session kernel keyring for each system service hence each service gets a
+  session keyring that is specific to the service.
+
 -------------------------------------------------------------------
 Tue Apr 19 07:30:31 UTC 2022 - Franck Bui <fbui@suse.com>
 

systemd.spec

@@ -195,7 +195,6 @@ Patch5:         0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
 Patch8:         0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
 %endif
 Patch10:        0001-conf-parser-introduce-early-drop-ins.patch
-Patch11:        0011-core-disable-session-keyring-per-system-sevice-entir.patch
 Patch12:        0009-pid1-handle-console-specificities-weirdness-for-s390.patch
 
 # Temporary workaround until bsc#1197178 is addressed.