Hi all, I have this requirement:
I have a daemon process whose ruid is a normal user and euid is root, it does most of its work under normal user, but occasionally it needs to change its euid to root to do something, so we can't just change both of its ruid and euid to normal user. And when I want to create a PAG for this process, I make this process to fork a child to exec aklog -setpag to do this, but our linux kernel is 2.6.34, which has keyring feature enabled, and we found that under this circumstance, the keyring created by this process belongs to the ruid, not euid, so the keyring created is root, and the aklog forked by this daemon can't write into this keyring, thus causing pag creation error. And I've tries many ways to change the permission of the keyring, but they didn't work. So does we consider the set-u-id process when integrating keyring feature into aklog -setpag? And in my case, I have a set-u-id process, and keyring feature enabled, and I want to create a pag for this daemon process, what can I do? Can I use aklog -setpag or there is something else workable? Thanks.
