| .\" |
| .\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. |
| .\" Written by David Howells (dhowells@redhat.com) |
| .\" |
| .\" This program is free software; you can redistribute it and/or |
| .\" modify it under the terms of the GNU General Public Licence |
| .\" as published by the Free Software Foundation; either version |
| .\" 2 of the Licence, or (at your option) any later version. |
| .\" |
| .TH "PROCESS KEYRING" 7 "19 Feb 2014" Linux "Kernel key management" |
| .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" |
| .SH NAME |
| process_keyring \- Per-process shared keyring |
| .SH DESCRIPTION |
| The |
| .B process keyring |
| is a keyring used to anchor keys on behalf of a process. It is only created |
| when a process requests it. |
| .P |
| A special serial number value, \fBKEY_SPEC_PROCESS_KEYRING\fP, is defined that |
| can be used in lieu of the calling process's process keyring's actual serial |
| number. |
| .P |
| From the keyctl utility, '\fB@p\fP' can be used instead of a numeric key ID in |
| much the same way, but as keyctl is a program run after forking, this is of no |
| utility. |
| .P |
| A process's process keyring is inherited across clone() with CLONE_THREAD and |
| is cleared by execve(). The process keyring will be destroyed when the last |
| thread that refers to it exits. |
| .P |
| If a process doesn't have a process keyring when it is accessed, then the |
| process keyring will be created if the keyring is to be modified, otherwise |
| error ENOKEY will be issued. |
| .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" |
| .SH SEE ALSO |
| .BR keyctl (1), |
| .br |
| .BR keyctl (3), |
| .br |
| .BR keyrings (7), |
| .br |
| .BR thread-keyring (7), |
| .br |
| .BR process-keyring (7), |
| .br |
| .BR session-keyring (7), |
| .br |
| .BR user-keyring (7), |
| .br |
| .BR user-session-keyring (7), |
| .br |
| .BR persistent-keyring (7) |