Key Request Service (Documentation/security/keys/request-key.rst) unable to perform upcalls #11470
Comments
Logs are required for review from WSL team
If this is a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
How to collect WSL logs
Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:
The script will output the path of the log file once done. Once completed please upload the output files to this GitHub issue.
Click here for more info on logging
View similar issues
Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it!
Closed similar issues:
/feature
Diagnostic information
After examining the contents of the
I've submitted a matching feature request to AzureLinux (formerly known as CBL-Mariner).
Windows Version
Microsoft Windows [Version 10.0.22631.3520]
WSL Version
0.0.0.0
Are you using WSL 1 or WSL 2?
Kernel Version
5.15.150.1
Distro Version
Debian 12.2.0
Other Software
keyutils-1.6.3 (Built 2022-12-18)
Repro Steps
The keyutils key request service documented in Documentation/security/keys/request-key.rst is used for management of keyrings as well as dns resolution and id mapping. The key request service executes /sbin/request-key which performs the requested operation.
Reproduction of the failure can be performed by executing
Expected Behavior
If the upcall succeeds /sbin/request-key will have been launched and key named "foo" will be visible within the /proc/keys output.
Actual Behavior
The /sbin/request-key process is not executed and "keyctl request2" fails with "request_key: No such file or directory". The underlying problem is that "/sbin/request-key" cannot be found.
    # keyctl request2 user debug:foo "expired" @s
    request_key: No such file or directory
The underlying problem appears to be that /sbin/request-key and its configuration /etc/request-key.conf are present in the WSL2 container's root filesystem and not the filesystem of the underlying host.
    $ ls -l /sbin/request-key
    -rwxr-xr-x 1 root root 26952 Dec 18 2022 /sbin/request-key
Without a functioning key request service, keyrings, nfs, cifs, afs, id mapping, and other services that rely upon the key request service cannot properly function.
I'm not sure if the fix is for WSL2 to install keyutils as part of the host root filesystem or for the Linux kernel to be patched to execute /sbin/request-key from the container's root filesystem.
Diagnostic Logs
Diagnostic logs should not be required to reproduce this issue. Prior bug reports such as #9540 are the same as this report but were closed due to inactivity.
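For readers triaging the same failure, the following added example (not part of the issue and not keyutils code) models how a working /sbin/request-key would pick a helper for the repro's parameters from rules in the /etc/request-key.conf column layout, taking the first matching line. The sample rules, the key and keyring IDs, the function names, and the use of shell-style globs for wildcard matching are assumptions of this example.

```python
from fnmatch import fnmatchcase

# Constructed sample rules (not copied from any distro's file), in the
# request-key.conf column layout:
#   OP  TYPE  DESCRIPTION  CALLOUT-INFO  PROGRAM  ARG1 ARG2 ...
SAMPLE_CONF = """\
# constructed for this example
create  user  debug:*  expired  /bin/keyctl reject %k 30 %c %S
create  user  debug:*  *        /bin/keyctl negate %k 30 %S
"""


def parse_rules(text):
    """Yield (op, type, description, callout, argv) per rule line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError(f"rule needs at least 5 columns: {raw!r}")
        yield fields[0], fields[1], fields[2], fields[3], fields[4:]


def select_helper(text, op, ktype, desc, callout, key_id, session_keyring):
    """Return the expanded argv of the first matching rule, else None.

    Assumptions: matching is approximated with shell-style globs, and
    only whole-argument %-macros are expanded.
    """
    macros = {"%o": op, "%t": ktype, "%d": desc, "%c": callout,
              "%k": key_id, "%S": session_keyring}
    for r_op, r_type, r_desc, r_callout, argv in parse_rules(text):
        if (r_op == op
                and fnmatchcase(ktype, r_type)
                and fnmatchcase(desc, r_desc)
                and fnmatchcase(callout, r_callout)):
            return [macros.get(arg, arg) for arg in argv]
    return None


if __name__ == "__main__":
    # Parameters of the repro: keyctl request2 user debug:foo "expired" @s
    # Key and keyring IDs are constructed placeholders.
    print(select_helper(SAMPLE_CONF, "create", "user", "debug:foo",
                        "expired", "1001", "2002"))
```

A `None` result means no rule covers the request. In the failure reported here the helper is never launched at all, so no rule is consulted.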