Add a keys group with read access to /run/keys
This gives processes running as unprivileged users access to the keys they might need
parent
8f64e74414
commit
4ab5646417
|
@ -201,6 +201,7 @@
|
|||
openldap = 93;
|
||||
connman = 94;
|
||||
munin = 95;
|
||||
keys = 96;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing uid.
|
||||
|
||||
|
|
|
@ -136,7 +136,8 @@ fi
|
|||
# elsehwere)
|
||||
if ! mountpoint -q /run/keys; then
|
||||
rm -rf /run/keys
|
||||
mkdir -m 0700 /run/keys
|
||||
mkdir -m 0750 /run/keys
|
||||
chown root:keys /run/keys
|
||||
mount -t ramfs none /run/keys
|
||||
fi
|
||||
|
||||
|
|
|
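Review bot: The `0750` mode and `root:keys` ownership are set on the mount-point directory before `mount -t ramfs none /run/keys` runs, so they most likely do not apply once the mount is in place. The root of the freshly mounted ramfs carries its own owner and mode (root:root and, as far as I know, 0755 unless a `mode=` option is passed). That would leave the key directory listable by every local user, with the keys group having no effect, so access would rest entirely on per-file permissions. Running `chown root:keys /run/keys` and `chmod 0750 /run/keys` after the mount line would put the restriction on the filesystem that actually holds the keys. The rest of the script lies outside this hunk, so any later fix-up of these permissions is not visible here.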
@ -645,6 +645,8 @@ in
|
|||
'';
|
||||
|
||||
# Target for ‘charon send-keys’ to hook into.
|
||||
users.extraGroups.keys.gid = config.ids.gids.keys;
|
||||
|
||||
systemd.targets.keys =
|
||||
{ description = "Security Keys";
|
||||
};
|
||||
|
|
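Review bot: The comment `# Target for ‘charon send-keys’ to hook into.` now sits directly above `users.extraGroups.keys.gid = config.ids.gids.keys;` rather than above `systemd.targets.keys`, which is what it describes. Moving the group definition above that comment and giving it its own line, for example `# Group whose members may read /run/keys.`, would keep both comments accurate. Because membership in this group grants read access to deployed secrets, it would also help to state there that a service account should be added only when it actually needs a key.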