Last active
April 6, 2023 08:37
-
-
Save paigeadelethompson/7836c4a6d75dc868ad91507af2612144 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| localhost:/home/parallels # evm_kr_id=$(keyctl newring _evm @u) | |
| localhost:/home/parallels # keyctl show | |
| Session Keyring | |
| 707671089 --alswrv 1000 100 keyring: _ses | |
| 968893873 ---lswrv 1000 65534 \_ keyring: _uid.1000 | |
| localhost:/home/parallels # cd /etc/keys | |
| localhost:/etc/keys # ls | |
| ima | |
| localhost:/etc/keys # openssl genrsa -out /etc/keys/privkey.pem 1024 | |
| Generating RSA private key, 1024 bit long modulus (2 primes) | |
| ............+++++ | |
| ..........................................+++++ | |
| e is 65537 (0x010001) | |
| localhost:/etc/keys # openssl rsa -pubout -in /etc/keys/privkey.pem -out /etc/keys/pubkey.pem | |
| writing RSA key | |
| localhost:/etc/keys # evmctl import --rsa /etc/keys/pubkey.pem $evm_kr_id | |
| Importing public key C4DD02ECF1070C32 from file /etc/keys/pubkey.pem into keyring 443466111 | |
| add_key failed | |
| errno: Permission denied (13) | |
| localhost:/etc/keys # strace evmctl import --rsa /etc/keys/pubkey.pem $evm_kr_id | |
| ... | |
| add_key("user", "C4DD02ECF1070C32", "\1\0\0\0\0\0\2\4\0\333\3\337\236\223\243\t\233\3368N\366\0\237\37\203\266Eun\217&\346"..., 142, 443466111) = -1 EACCES (Permission denied) | |
| write(2, "add_key failed\n", 15add_key failed | |
| ) = 15 | |
| write(2, "errno: Permission denied (13)\n", 30errno: Permission denied (13) | |
| ) = 30 | |
| exit_group(125) = ? | |
| +++ exited with 125 +++ | |
| localhost:/etc/keys # cat /proc/cmdline | |
| BOOT_IMAGE=/boot/Image-5.14.21-150400.24.33-default root=UUID=cd11033e-749b-4575-8034-b2814ab19ab7 splash=silent preempt=full quiet security=apparmor mitigations=auto ima_appraise=fix ima_appraise_tcb evm=fix | |
| localhost:/etc/keys # | |
| https://man7.org/linux/man-pages/man2/add_key.2.html | |
| localhost:/etc/keys # cat /proc/keys | |
| 0f0ab292 I--Q--- 2 perm 1f3f0000 0 65534 keyring _uid.0: 1 | |
| 177c5825 I------ 1 perm 1f0b0000 0 0 keyring .blacklist: 1 | |
| 1a6ec17f I--Q--- 1 perm 3f010000 0 0 keyring _evm: empty | |
| 1d2a7d11 I------ 1 perm 1f0b0000 0 0 keyring .builtin_trusted_keys: 1 | |
| 1eaf4580 I--Q--- 1 perm 1f3f0000 0 65534 keyring _uid_ses.0: 1 | |
| 211094ae I--Q--- 1 perm 0c030000 0 65534 keyring .user_reg: 4 | |
| 214363f9 I------ 1 perm 1f030000 0 0 asymmetri SUSE Linux Enterprise Secure Boot Signkey: 0ac62b1f3f534271132586e29d3b1041591c824a: X509.rsa 591c824a [] | |
| 21cb3416 I------ 1 perm 1f0b0000 0 0 keyring .platform: empty | |
| 28af45b3 I------ 2 perm 1f010000 0 0 blacklist bin:0000000000000000000000000000000000000000000000000000000000000000 | |
| 2a2e3431 I--Q--- 68 perm 3f030000 1000 100 keyring _ses: 1 | |
| 2ab05d9e I------ 1 perm 1f030000 0 0 asymmetri SUSE Linux Enterprise Secure Boot Signkey: 0ac62b1f3f534271132586e29d3b1041591c824a: X509.rsa 591c824a [] | |
| 32372e55 I------ 1 perm 1f0f0000 0 0 keyring .ima: 1 | |
| 34760207 I------ 1 perm 1f0f0000 0 0 keyring .evm: empty | |
| 39c025b1 I--Q--- 3 perm 1f3f0000 1000 65534 keyring _uid.1000: empty | |
| localhost:/etc/keys # |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment