From: Marcel Lauhoff Date: Fri, 13 Jun 2025 14:45:41 +0000 (+0200) Subject: rgw: Early Linux process keyring initialization X-Git-Tag: v21.0.1~14^2~13 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=000046793dab0f56bcc46aa318d9d0619bd850f8;p=ceph.git rgw: Early Linux process keyring initialization To allow RGW threads to share possession over process keyring keys the keyring must be created before a child thread adds keys. Since we only use the process keyring for KMS cache secrets, only initialize the keyring if it is enabled on startup. Signed-off-by: Marcel Lauhoff On-behalf-of: SAP marcel.lauhoff@sap.com --- diff --git a/src/rgw/CMakeLists.txt b/src/rgw/CMakeLists.txt index 5055d3d5d35..3d9db673db4 100644 --- a/src/rgw/CMakeLists.txt +++ b/src/rgw/CMakeLists.txt @@ -310,6 +310,7 @@ target_link_libraries(rgw_common legacy-option-headers global cls_rgw_client + keyring rt ICU::uc OATH::OATH diff --git a/src/rgw/rgw_main.cc b/src/rgw/rgw_main.cc index a3a38c8189e..5c5c1487934 100644 --- a/src/rgw/rgw_main.cc +++ b/src/rgw/rgw_main.cc @@ -3,6 +3,7 @@ #include #include "common/ceph_argparse.h" +#include "common/keyring.h" #include "global/global_init.h" #include "global/signal_handler.h" #include "common/config.h" @@ -107,6 +108,8 @@ int main(int argc, char *argv[]) DoutPrefix dp(cct.get(), dout_subsys, "rgw main: "); rgw::AppMain main(&dp); + LinuxKeyringSecret::initialize_process_keyring(); + main.init_frontends1(false /* nfs */); main.init_numa();