From e6376b6a4195e9caa0f8600db4aaf499b91b65d9 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 15 Jul 2019 13:32:03 +0200 Subject: [PATCH 1/2] errno: add new ERRNO_IS_NOT_SUPPORTED() helper --- src/basic/errno-util.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h index 6053cde62dd..b2723b864e3 100644 --- a/src/basic/errno-util.h +++ b/src/basic/errno-util.h @@ -86,3 +86,11 @@ static inline bool ERRNO_IS_RESOURCE(int r) { ENFILE, ENOMEM); } + +/* Three different errors for "operation/system call/ioctl not supported" */ +static inline bool ERRNO_IS_NOT_SUPPORTED(int r) { + return IN_SET(abs(r), + EOPNOTSUPP, + ENOTTY, + ENOSYS); +} From 09a6b4f34fd29064bcbf83a7c42db8fb9d7e5f2e Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 19 Nov 2019 18:47:31 +0100 Subject: [PATCH 2/2] ask-password: skip kernel keyring logic if we see EPERM Let's improve compat with container managers that block the keyring logic and return EPERM for them. --- src/shared/ask-password-api.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index 04ef6b58932..9ffbe1bc4e0 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -168,7 +168,12 @@ static int ask_password_keyring(const char *keyname, AskPasswordFlags flags, cha return -EUNATCH; r = lookup_key(keyname, &serial); - if (r == -ENOSYS) /* when retrieving the distinction doesn't matter */ + if (ERRNO_IS_NOT_SUPPORTED(r) || r == -EPERM) /* when retrieving the distinction between "kernel or + * container manager don't support or allow this" and + * "no matching key known" doesn't matter. Note that we + * propagate EACCESS here (even if EPERM not) since + * that is used if the keyring is available but we lack + * access to the key. */ return -ENOKEY; if (r < 0) return r;