The restraint test harness is started via a systemd unit file. In this environment, there is no user keyring linked into the session keyring:
# keyctl show Session Keyring 406647380 --alswrv 0 0 keyring: _ses 148623625 ----s-rv 0 0 \_ user: invocation_id As a result, the security.sh test fails. The logs show: ++ keyctl show ++ grep -Eo '_uid.[0-9]+' ++ head -1 ++ cut -d. -f2- + uid= + '[' '' -ne 0 ']' /root/rpmbuild/BUILD/ndctl-71.1/test/security.sh: line 245: [: : integer expression expected and: + keyctl search @u encrypted nvdimm:cdab-0a-07e0-feffffff keyctl_search: Required key not available + keyctl search @u user nvdimm-master keyctl_search: Required key not available ++ hostname + '[' -f /etc/ndctl/keys/nvdimm_cdab-0a-07e0-feffffff_storageqe-40.sqe.lab.eng.bos.redhat.com.blob ']' + setup_keys + '[' '!' -d /etc/ndctl/keys ']' + '[' -f /etc/ndctl/keys/nvdimm-master.blob ']' + '[' -f /etc/ndctl/keys/tpm.handle ']' + dd if=/dev/urandom bs=1 count=32 + keyctl padd user nvdimm-master @u ++ keyctl search @u user nvdimm-master + keyctl pipe 416513477 keyctl_read_alloc: Permission denied ++ err 47 +++ basename /root/rpmbuild/BUILD/ndctl-71.1/test/security.sh ++ echo test/security.sh: failed at line 47 ++ '[' -n '' ']' ++ exit 1 To fix this, create a new session keyring and link in the user keyring from within the script. Signed-off-by: Jeff Moyer <[email protected]> diff --git a/test/security.sh b/test/security.sh index 34c4977..1aa8488 100755 --- a/test/security.sh +++ b/test/security.sh @@ -43,6 +43,9 @@ setup_keys() backup_handle=1 fi + # Make sure there is a session and a user keyring linked into it + keyctl new_session + keyctl link @u @s dd if=/dev/urandom bs=1 count=32 2>/dev/null | keyctl padd user "$masterkey" @u keyctl pipe "$(keyctl search @u user $masterkey)" > "$masterpath" }
