The application fails to start a new session when it runs out of keyrings


Issue

  • The application fails to start a new session when it runs out of keyrings.
$ cat /proc/keys
015c2fe8 IR-Q---     1 expd 3f030000  <uid>  <gid> keyring   _ses: empty
016d4d88 I--Q---    13 perm 3f030000     0     0 keyring   _ses: 1
01acc220 IR-Q---     1 expd 3f030000  <uid>  <gid> keyring   _ses: empty
01d3b1c9 IR-Q---     1 expd 3f030000  <uid>  <gid> keyring   _ses: empty
02130e71 IR-Q---     1 expd 3f030000  <uid>  <gid> keyring   _ses: empty
...//trim//...
3f17806a IR-Q---     1 expd 3f030000  <uid>  <gid> keyring   _ses: empty
3f739c90 IR-Q---     1 expd 3f030000  <uid>  <gid> keyring   _ses: empty

$ cat /proc/sys/kernel/keys/maxkeys 
200

$ cat /proc/keys | grep <uid> -c
200
  • Expired/revoked session/user-session/user/anonymous keyrings are never cleaned up, so maxkeys is reached and the application runs out of keyrings as a result. Neither reap nor clear works; both fail with EKEYREVOKED or EKEYEXPIRED.
    • See the Diagnostic Steps section for how things look when the issue is reproduced.
  • We would like to have some way to have expired/revoked keyrings GC-ed or cleaned up instead of increasing maxkeys indefinitely.
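
The manual check above (counting one UID's lines in /proc/keys against maxkeys) can be done for every UID at once. The following is an added example, not part of the original article; the function names and the UID 1000 sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-UID summary of quota-charged keys from /proc/keys-style
# input. Columns: id flags usage timeout perm uid gid type description...

# keys_by_uid MAXKEYS   (reads /proc/keys-format text on stdin)
# Prints one line per UID: "uid total stale status"
keys_by_uid() {
    awk -v max="$1" '
        # Skip anything that is not a key line (e.g. the "...//trim//..." marker)
        NF >= 8 && $1 ~ /^[0-9a-f]+$/ {
            if (index($2, "Q") == 0) next   # Q flag: key is charged to the quota
            uid = $6
            total[uid]++
            # stale = revoked (R flag) or expired (timeout column reads "expd")
            if (index($2, "R") || $4 == "expd") stale[uid]++
        }
        END {
            for (uid in total) {
                # Same limit applied to every UID for simplicity; root is
                # governed by root_maxkeys rather than maxkeys.
                status = (total[uid] >= max) ? "AT_LIMIT" : "ok"
                printf "%s %d %d %s\n", uid, total[uid], stale[uid] + 0, status
            }
        }
    ' | sort
}

# Constructed sample in the same layout as the listing above (UID 1000 is made up).
sample_keys() {
    cat <<'EOF'
015c2fe8 IR-Q---     1 expd 3f030000  1000  1000 keyring   _ses: empty
016d4d88 I--Q---    13 perm 3f030000     0     0 keyring   _ses: 1
01acc220 IR-Q---     1 expd 3f030000  1000  1000 keyring   _ses: empty
...//trim//...
01d3b1c9 I--Q---     2 perm 3f030000  1000  1000 keyring   _ses: 1
EOF
}

# Demo on the constructed sample with a limit of 3.
sample_keys | keys_by_uid 3
```

On a live system, run `keys_by_uid "$(cat /proc/sys/kernel/keys/maxkeys)" < /proc/keys` as a user who can view the affected keys; a UID whose stale count is close to its total matches the condition described in this article.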

Environment

  • Red Hat Enterprise Linux 8
