According to the documentation, I have to create a new session keyring when my script starts.
keyctl new_session
Sometimes the command returns the new keyring ID, but often I get an error message:
keyctl_session_to_parent: Operation not permitted
When it happens, the content of the keyring is:
> cat /proc/keys
1c63fa6b I--Q--- 2 perm 1f3f0000 50848 65534 keyring _uid.50848: empty
21291866 I--Q--- 1 perm 1f3f0000 50848 65534 keyring _uid_ses.50848: 1
263af424 I--Q--- 4 perm 1f3f0000 0 65534 keyring _uid.0: empty
30e8b23b I--Q--- 11 perm 3f030000 0 0 keyring _ses: 1
Could you advise what happens and how to avoid the error message? Could it be caused by sudo?
It seems it's because of the ownership. Based on the man page of 'keyctl_session_to_parent()', the calling process (the 'keyctl' command) and the parent process (the current shell) must have the same 'UID:GID'.
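
To make the ownership mismatch in the listing above visible, here is an added example (not part of the original question or answer) that parses /proc/keys lines and reports any `_ses` session keyring whose owner UID differs from a given UID. The function names are hypothetical, and it assumes the keyring in question is the one described as `_ses` and that its UID column is the ownership that matters.

```shell
#!/bin/sh
# Added example, not from the original post.
# /proc/keys columns:
#   id flags usage timeout perm uid gid type description: summary

# Print "id uid gid" for every anonymous session keyring (_ses) in a
# /proc/keys listing whose owner UID differs from the UID given as $1.
# Assumption: the session keyring is the entry described as "_ses".
foreign_session_keyrings() {
    want_uid=$1
    listing=${2:-/proc/keys}
    awk -v want="$want_uid" '
        $8 == "keyring" && $9 == "_ses:" && $6 != want { print $1, $6, $7 }
    ' "$listing"
}

# Return 0 when no _ses keyring in the listing belongs to another UID.
session_owner_ok() {
    [ -z "$(foreign_session_keyrings "$1" "${2:-/proc/keys}")" ]
}

# Constructed sample: the four lines quoted in the question.
sample_listing() {
    cat <<'EOF'
1c63fa6b I--Q--- 2 perm 1f3f0000 50848 65534 keyring _uid.50848: empty
21291866 I--Q--- 1 perm 1f3f0000 50848 65534 keyring _uid_ses.50848: 1
263af424 I--Q--- 4 perm 1f3f0000 0 65534 keyring _uid.0: empty
30e8b23b I--Q--- 11 perm 3f030000 0 0 keyring _ses: 1
EOF
}

# Check the live system only when asked to: sh check_ses.sh run
if [ "${1:-}" = "run" ]; then
    uid=$(id -u)
    if session_owner_ok "$uid"; then
        echo "no _ses keyring owned by a UID other than $uid"
    else
        echo "_ses keyring owned by another UID (id uid gid):" >&2
        foreign_session_keyrings "$uid" >&2
        exit 1
    fi
fi
```

Run against the sample for UID 50848, it flags keyring 30e8b23b, which is owned by UID 0 and GID 0 while the user keyrings belong to 50848.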