[Linux-ima-devel] Centos7 execute 'su -c "keyctl pipe 820080884"' show keyctl_read_alloc: Permission denied

[er_tou <er...@16...>]

hello,
    I encountered a problem， execute the following command to show the error.
$ su -c 'mkdir -p /etc/keys'
# To create and save the kernel master key (user type):
$ su -c 'modprobe trusted encrypted'
$ su -c 'keyctl add user kmk-user "`dd if=/dev/urandom bs=1 count=32 2>/dev/null`" @u'
$ su -c 'keyctl pipe `keyctl search @u user kmk-user` > /etc/keys/kmk-user.blob'
show "keyctl_read_alloc: Permission denied".


Problem location is 'keyctl pipe'.
[root@localhost ima_key_sign]# cat /proc/keys
029fddf9 I------     1 perm 1f030000     0     0 asymmetri CentOS Linux kernel signing key: d48863a7c16fcc274123e6298f74f057af19fc54: X509.RSA af19fc54 []
034d0e68 I--Q---     1 perm 1f3f0000  1000 65534 keyring   _uid.1000: empty
0a1ab8e3 I--Q---     1 perm 3f010000     0     0 user      kmk-user: 10


This keyring “kmk-user” don't have read permission.
Anyone have the question ? 
I hope get help? Thank, Thank, Thank


----------------------------------------------------------------------------------------
 but, below command can execute.
$ mkdir -p /etc/keys
# To create and save the kernel master key (user type):
$ modprobe trusted encrypted
$ keyctl add user kmk-user "`dd if=/dev/urandom bs=1 count=32 2>/dev/null`" @u
$ keyctl pipe `keyctl search @u user kmk-user` > /etc/keys/kmk-user.blob


Thanks，Looking forward to your reply！






-------------- next part --------------
An HTML attachment was scrubbed...