diff options
| -rw-r--r-- | man/systemd.exec.xml | 4 | ||||
| -rw-r--r-- | src/core/service.c | 3 | ||||
| -rw-r--r-- | src/core/unit.c | 2 |
3 files changed, 6 insertions, 3 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index f01599f656..d4dc2843ec 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -631,8 +631,8 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting> processes. In this modes multiple units running processes under the same user ID may share key material. Unless <option>inherit</option> is selected the unique invocation ID for the unit (see below) is added as a protected key by the name <literal>invocation_id</literal> to the newly created session keyring. Defaults to - <option>private</option> for the system service manager and to <option>inherit</option> for the user service - manager.</para></listitem> + <option>private</option> for services of the system service manager and to <option>inherit</option> for + non-service units and for services of the user service manager.</para></listitem> </varlistentry> <varlistentry> diff --git a/src/core/service.c b/src/core/service.c index f2d4333719..1997c82ac3 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -120,6 +120,9 @@ static void service_init(Unit *u) { s->guess_main_pid = true; s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID; + + s->exec_context.keyring_mode = MANAGER_IS_SYSTEM(u->manager) ? + EXEC_KEYRING_PRIVATE : EXEC_KEYRING_INHERIT; } static void service_unwatch_control_pid(Service *s) { diff --git a/src/core/unit.c b/src/core/unit.c index 0d0f10f5f7..8c0e157a90 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -186,7 +186,7 @@ static void unit_init(Unit *u) { exec_context_init(ec); ec->keyring_mode = MANAGER_IS_SYSTEM(u->manager) ? - EXEC_KEYRING_PRIVATE : EXEC_KEYRING_INHERIT; + EXEC_KEYRING_SHARED : EXEC_KEYRING_INHERIT; } kc = unit_get_kill_context(u); |