From 05634f272c5e17fb7de5948f26fe5b21bcec64a9 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina
Date: Tue, 19 Sep 2023 15:18:10 +0200
Subject: [PATCH] Drop setting kernel key permissions.

Libcryptsetup should not set such permissions. All the issues it aims to solve can be workaround by caller linking the key in appropriate keyring first and moving it in final destination later.
---
 lib/utils_keyring.c | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/lib/utils_keyring.c b/lib/utils_keyring.c
index 6b6753bb..cb88da7b 100644
--- a/lib/utils_keyring.c
+++ b/lib/utils_keyring.c
@@ -80,16 +80,6 @@ static long keyctl_read(key_serial_t key, char *buffer, size_t buflen)
 return syscall(__NR_keyctl, KEYCTL_READ, key, buffer, buflen);
 }
-/* key handle permissions mask */
-typedef uint32_t key_perm_t;
-#define KEY_POS_ALL 0x3f000000
-#define KEY_USR_ALL 0x003f0000
-
-static long keyctl_setperm(key_serial_t id, key_perm_t perm)
-{
- return syscall(__NR_keyctl, KEYCTL_SETPERM, id, perm);
-}
-
 /* keyctl_link */
 static long keyctl_link(key_serial_t key, key_serial_t keyring)
 {
@@ -466,11 +456,6 @@ int keyring_add_key_to_custom_keyring(key_type_t ktype,
 if (kid < 0)
 return -errno;
- /* FIXME: could we delegate it to the caller? */
- // see https://mjg59.dreamwidth.org/37333.html
- if (keyring_to_link == KEY_SPEC_USER_KEYRING || keyring_to_link == KEY_SPEC_USER_SESSION_KEYRING)
- keyctl_setperm(kid, KEY_POS_ALL | KEY_USR_ALL);
-
 return 0;
 }