diff --git a/0011-core-disable-session-keyring-per-system-sevice-entir.patch b/0011-core-disable-session-keyring-per-system-sevice-entir.patch
deleted file mode 100644
index 9d5bad80..00000000
--- a/0011-core-disable-session-keyring-per-system-sevice-entir.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 67f3fa5aa2781d42c809da9303f81b28544824d8 Mon Sep 17 00:00:00 2001
-From: Franck Bui
-Date: Thu, 6 Jul 2017 15:48:10 +0200
-Subject: [PATCH 10/11] core: disable session keyring per system sevice
- entirely for now
-
-Until PAM module "pam_keyinit" is fully integrated in SUSE's PAM stack, this
-feature has to be disabled.
-
-openSUSE is still not ready for enabling the keyring stuff (see
-bsc#1081947). Some services got fixed (sshd, getty@.service) but some still
-haven't (xdm, login, ...)
-
-So leave it disabled again otherwise different users might end up using the
-same session keyring - the one created for the service used for logging in
-(sshd, getty@.service, xdm, etc...)
-
-The integration of pam_keyinit is tracked here:
-https://bugzilla.opensuse.org/show_bug.cgi?id=1081947
-
-See also:
-https://github.com/systemd/systemd/pull/6286
-
-[fbui: fixes boo#1045886]
----
- src/core/execute.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/core/execute.c b/src/core/execute.c
-index 2a337b55a2..b5a1a3b6e5 100644
---- a/src/core/execute.c
-+++ b/src/core/execute.c
-@@ -3356,6 +3356,9 @@ static int setup_keyring(
- assert(context);
- assert(p);
-
-+ /* SUSE: pam_keyinit is still not fully integrated to SUSE's PAM stack... */
-+ return 0;
-+
- /* Let's set up a new per-service "session" kernel keyring for each system service. This has the benefit that
- * each service runs with its own keyring shared among all processes of the service, but with no hook-up beyond
- * that scope, and in particular no link to the per-UID keyring. If we don't do this the keyring will be
---
-2.26.2
-
diff --git a/systemd.changes b/systemd.changes
index fa5c3ae0..95301ad7 100644
--- a/systemd.changes
+++ b/systemd.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Apr 19 11:17:03 UTC 2022 - Franck Bui
+
+- Drop 0011-core-disable-session-keyring-per-system-sevice-entir.patch
+
+ Since bsc#1081947 has been addressed, we can attempt to re-enable private
+ session kernel keyring for each system service hence each service gets a
+ session keyring that is specific to the service.
+
 -------------------------------------------------------------------
 Tue Apr 19 07:30:31 UTC 2022 - Franck Bui
diff --git a/systemd.spec b/systemd.spec
index dd3ed7a4..4bcf3412 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -195,7 +195,6 @@ Patch5: 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
 Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
 %endif
 Patch10: 0001-conf-parser-introduce-early-drop-ins.patch
-Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch
 Patch12: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
 # Temporary workaround until bsc#1197178 is addressed.