On 16.07.2013 14:39, Peter Volkov wrote: > Hi! Is it possible to run daemon without HAVE_LIBCAPNG? > > I've tried to run daemon without libcap-ng, having skd as suid binary, > but neither ssh keys were found in my ssh-agent cache nor pgp keys were > available. Also I saw > > WARNING: gnome-keyring:: couldn't connect to PKCS11 > > on every attempt to start anyther gkd instance. I've tried to debug and > found that on startup it created .cache/keyring-... files with the > following permissions: > > drwx------ 2 root peter 4096 июл 15 14:46 .cache/keyring-vNdpJF > > and my guess is that this is the reason for this failure > since .cache/keyring-vNdpJF/control is inaccessible for my user (peter) > due to permissions. In any case, once I rebuilt with libcap-ng enabled > everything works. > > But now I'm trying to understand: > 1. is it bug or gkd is not supposed to run without libcap-ng? Looking at > the code changing uid is supported only through capng_change_id() and > thus I don't see how it is supposed to run without this function?
Looks like a bug dropping the permissions. Could you file one in bugzilla? > 2. why every new invocation of gkd starts new process? It could just > print variables of "session" gkd and exit. Please use 'gnome-keyring-daemon --start' for that. Cheers, Stef _______________________________________________ gnome-keyring-list mailing list gnome-keyring-list@gnome.org https://mail.gnome.org/mailman/listinfo/gnome-keyring-list
