kdump-utils/0003-Allow-kdump.service-to-access-LUKS-volume-keys.patch

From 280d4b6237b1f3bcad9cfba5e51b4f55d8b718c9 Mon Sep 17 00:00:00 2001
From: Coiby Xu <coxu@redhat.com>
Date: Mon, 3 Nov 2025 09:26:21 +0800
Subject: [PATCH 3/5] Allow kdump.service to access LUKS volume keys

Resoles: https://issues.redhat.com/browse/RHEL-124989

Currently kdump.service fails to read LUKS volume keys,

    kdumpctl[4001]: Nothing to read on input.
    kdumpctl[3624]: kdump: Error: Could not unlock the LUKS device.
    kdumpctl[3624]: kdump: Failed to get logon key kdump-cryptsetup:vk-eed43d84-d79f-4b6d-8159-c859bb1915ee. Run 'kdumpctl restart' manually to start kdump.
    kdumpctl[3624]: kdump: kexec: failed to prepare for a LUKS target
    kdumpctl[3624]: kdump: Starting kdump: [FAILED]
    systemd[1]: kdump.service: Main process exited, code=exited, status=1/FAILURE
    systemd[1]: kdump.service: Failed with result 'exit-code'.
    systemd[1]: Failed to start kdump.service - Crash recovery kernel arming.

Use KeyringMode=shared to link the user keyring of root to the session
keyring so kdump.service can access the LUKS volume keys stored in
root's user keyring. For more details on KeyringMode, man systemd.exec.

Fixes: d9677e17 ("Support dumping to a LUKS-encrypted target")
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
 kdump.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kdump.service b/kdump.service
index 84de7af2..a8771a81 100644
--- a/kdump.service
+++ b/kdump.service
@@ -11,6 +11,7 @@ ExecStop=/usr/bin/kdumpctl stop
 ExecReload=/usr/bin/kdumpctl reload
 RemainAfterExit=yes
 StartLimitInterval=0
+KeyringMode=shared
 
 [Install]
 WantedBy=multi-user.target
-- 
2.51.1