diff options
author | Lennart Poettering <lennart@poettering.net> | 2019-11-19 18:47:31 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2019-11-19 19:12:09 +0100 |
commit | 09a6b4f34fd29064bcbf83a7c42db8fb9d7e5f2e (patch) | |
tree | 9a21c8fd47ad8c625a330de14292a5df06880732 /src/shared/ask-password-api.c | |
parent | e6376b6a4195e9caa0f8600db4aaf499b91b65d9 (diff) | |
download | systemd-09a6b4f34fd29064bcbf83a7c42db8fb9d7e5f2e.tar.gz |
ask-password: skip kernel keyring logic if we see EPERM
Let's improve compat with container managers that block the keyring
logic and return EPERM for them.
Diffstat (limited to 'src/shared/ask-password-api.c')
-rw-r--r-- | src/shared/ask-password-api.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index 04ef6b5893..9ffbe1bc4e 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -168,7 +168,12 @@ static int ask_password_keyring(const char *keyname, AskPasswordFlags flags, cha return -EUNATCH; r = lookup_key(keyname, &serial); - if (r == -ENOSYS) /* when retrieving the distinction doesn't matter */ + if (ERRNO_IS_NOT_SUPPORTED(r) || r == -EPERM) /* when retrieving the distinction between "kernel or + * container manager don't support or allow this" and + * "no matching key known" doesn't matter. Note that we + * propagate EACCESS here (even if EPERM not) since + * that is used if the keyring is available but we lack + * access to the key. */ return -ENOKEY; if (r < 0) return r; |