run-snapd-from-snap: seed with access to keyring
The new FDE manager needs access to the kernel keyring to access the
primary key. That includes seeding.
valentindavid authored and alfonsosanchezbeato committed Aug 20, 2024
1 parent 48fef8f commit 1cc5b26
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion static/usr/lib/core/run-snapd-from-snap
Expand Up @@ -21,7 +21,7 @@ run_on_unseeded() {
# a systemd socket unit so that systemd own the socket, otherwise
# the socket file would be removed by snapd on exit and the snapd.seeded
# service will fail because it has nothing to talk to anymore.
systemd-run --unit=snapd-seeding --service-type=notify --socket-property ListenStream=/run/snapd.socket --socket-property ListenStream=/run/snapd-snap.socket "$SNAPD_BASE_DIR"/usr/lib/snapd/snapd
systemd-run --unit=snapd-seeding --service-type=notify --socket-property ListenStream=/run/snapd.socket --socket-property ListenStream=/run/snapd-snap.socket --property KeyringMode=inherit "$SNAPD_BASE_DIR"/usr/lib/snapd/snapd
# we need to start the snapd service from above explicitly, systemd-run
# only enables the socket but does not start the service.
systemctl start --wait snapd-seeding.service
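Review bot: The new `--property KeyringMode=inherit` on the `systemd-run` line in `run_on_unseeded()` is not explained in the script itself; the comment block above it only covers why the sockets are owned by a systemd socket unit. Please add a sentence to that comment saying that the seeding snapd needs the kernel keyring to reach the FDE primary key, so the property is not dropped in a later cleanup. Since `inherit` means systemd does no keyring setup for the transient `snapd-seeding` unit and it uses whatever keyring the invoking context provides, it would also help to state in the comment which keyring the primary key is expected to be found in at this point in boot, so a reader can tell that `inherit` (rather than `shared`) is the intended mode.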