keyctl disables VMware CPU

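I am having a bit of difficulty understanding how keyctl operates, specifically in regard to the request2 function. From my understanding, request2 will attempt to search for the given string and return it if found. If it is not found, the /sbin/request-key application is called, which will execute the action described by /etc/request-key.d/* and /etc/request-key.conf, if applicable.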

However, I ran into some problems during testing.

[user@localhost ~]$ cat /etc/request-key.conf
###############################################################################
#
# Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
...snip... 
###############################################################################

#OP     TYPE    DESCRIPTION     CALLOUT INFO    PROGRAM ARG1 ARG2 ARG3 ...
#====== ======= =============== =============== ===============================
create  dns_resolver *          *               /sbin/key.dns_resolver %k
create  user    debug:*         negate          /bin/keyctl negate %k 30 %S
create  user    debug:*         rejected        /bin/keyctl reject %k 30 %c %S
create  user    debug:*         expired         /bin/keyctl reject %k 30 %c %S
create  user    debug:*         revoked         /bin/keyctl reject %k 30 %c %S
create  user    debug:loop:*    *               |/bin/cat
create  user    debug:*         *               /usr/share/keyutils/request-key-debug.sh %k %d %c %S
negate  *       *               *               /bin/keyctl negate %k 30 %S
[user@localhost ~]$

Creating a debug loop, which will create a real key; keyctl print produces the correct output.

[user@localhost ~]$ keyctl request2 user debug:loop:test "loop test"
181348864
[user@localhost ~]$ keyctl show
Session Keyring
 141395006 --alswrv   1000  1000  keyring: _ses
 521399390 --alswrv   1000 65534   \_ keyring: _uid.1000
 181348864 --alswrv   1000  1000   \_ user: debug:loop:test
 691271691 --alswrv   1000  1000   \_ user: debug:test
[user@localhost ~]$ keyctl print 181348864
loop test
[user@localhost ~]$

Creating another key, which will create a debug entry per request-key.conf. keyctl print prints the key correctly.

[user@localhost ~]$ keyctl request2 user debug:se-test "hello hello"
1061018025
[user@localhost ~]$ keyctl show
Session Keyring
 141395006 --alswrv   1000  1000  keyring: _ses
 521399390 --alswrv   1000 65534   \_ keyring: _uid.1000
1061018025 --alswrv   1000  1000   \_ user: debug:se-test
 181348864 --alswrv   1000  1000   \_ user: debug:loop:test
 691271691 --alswrv   1000  1000   \_ user: debug:test
[user@localhost ~]$
[user@localhost ~]$ keyctl print 1061018025
Debug hello hello
[user@localhost ~]$

Creating a key that does not match any other rule, which should create a negative key. keyctl print triggers a CPU-disabled forced reset in VMware.

[user@localhost ~]$ keyctl request2 user se:test "blah"
request_key: Required key not available
[user@localhost ~]$ keyctl show
Session Keyring
 141395006 --alswrv   1000  1000  keyring: _ses
 521399390 --alswrv   1000 65534   \_ keyring: _uid.1000
  65104736 --alswrv   1000  1000   \_ user: se:test
1061018025 --alswrv   1000  1000   \_ user: debug:se-test
 181348864 --alswrv   1000  1000   \_ user: debug:loop:test
 691271691 --alswrv   1000  1000   \_ user: debug:test
[user@localhost ~]$ keyctl desc 65104736
 65104736: alswrv-----v------------  1000  1000 user: se:test
[user@localhost ~]$
[user@localhost ~]$ keyctl print 65104736

Creating a negative debug key; keyctl print triggers the same way as above.

[user@localhost ~]$ keyctl request2 user debug:negatetest negate
request_key: Required key not available
[user@localhost ~]$ keyctl show
Session Keyring
1018725144 --alswrv   1000  1000  keyring: _ses
 478030378 --alswrv   1000 65534   \_ keyring: _uid.1000
 799585275 --alswrv   1000  1000   \_ user: debug:negatetest
[user@localhost ~]$
[user@localhost ~]$ keyctl desc 799585275
799585275: alswrv-----v------------  1000  1000 user: debug:negatetest
[user@localhost ~]$ keyctl print 799585275

When attempting to read (what should be) a negative key, the OS spontaneously shuts down.

From my understanding, negative keys cannot be read; however, is an immediate power-off of the OS the expected result?

The specific error I get is as follows:

The CPU has been disabled by the guest operating system. Power off or reset the virtual machine.

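I've gone through the documentation for request-key.conf, keyctl(1), and keyctl(2), but couldn't find anything. If I've missed something, please feel free to point me to the relevant section and RTFM me.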

Thanks!
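To see which line of the posted request-key.conf each of the four requests selects, here is an added example (not part of the original post) that resolves a request against those rules. It assumes the documented behaviour that the first matching line wins and approximates the `*` wildcard with shell glob matching; `match_rule` is a hypothetical helper name.

```shell
#!/bin/sh
# Rule lines copied from the /etc/request-key.conf shown in the question.
RULES='create  dns_resolver *          *               /sbin/key.dns_resolver %k
create  user    debug:*         negate          /bin/keyctl negate %k 30 %S
create  user    debug:*         rejected        /bin/keyctl reject %k 30 %c %S
create  user    debug:*         expired         /bin/keyctl reject %k 30 %c %S
create  user    debug:*         revoked         /bin/keyctl reject %k 30 %c %S
create  user    debug:loop:*    *               |/bin/cat
create  user    debug:*         *               /usr/share/keyutils/request-key-debug.sh %k %d %c %S
negate  *       *               *               /bin/keyctl negate %k 30 %S'

# match_rule OP TYPE DESCRIPTION CALLOUT   (hypothetical helper)
# Prints the PROGRAM field of the first rule whose four selector fields all
# match the request; returns 1 when no rule matches.
# Assumption: "*" in a rule is treated as a shell glob via `case`.
match_rule() {
    while read -r op type desc callout prog; do
        case "$op" in ''|'#'*) continue ;; esac   # skip blank and comment lines
        case "$1" in $op) ;; *) continue ;; esac
        case "$2" in $type) ;; *) continue ;; esac
        case "$3" in $desc) ;; *) continue ;; esac
        case "$4" in $callout) ;; *) continue ;; esac
        printf '%s\n' "$prog"
        return 0
    done <<EOF
$RULES
EOF
    return 1
}

# The four requests from the question, in the order they were run.
match_rule create user debug:loop:test  'loop test'   || echo '(no matching rule)'
match_rule create user debug:se-test    'hello hello' || echo '(no matching rule)'
match_rule create user se:test          'blah'        || echo '(no matching rule)'
match_rule create user debug:negatetest 'negate'      || echo '(no matching rule)'
```

The se:test request selects no line here because the only catch-all rule in the file is keyed on the negate operation rather than create.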
