2016-11-01 15:44:43 +00:00
|
|
|
.\"
|
|
|
|
.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
|
|
|
|
.\" Written by David Howells (dhowells@redhat.com)
|
|
|
|
.\"
|
2016-11-02 11:24:22 +00:00
|
|
|
.\" %%%LICENSE_START(GPLv2+_SW_ONEPARA)
|
2016-11-01 15:44:43 +00:00
|
|
|
.\" This program is free software; you can redistribute it and/or
|
|
|
|
.\" modify it under the terms of the GNU General Public Licence
|
|
|
|
.\" as published by the Free Software Foundation; either version
|
|
|
|
.\" 2 of the Licence, or (at your option) any later version.
|
2016-11-02 11:24:22 +00:00
|
|
|
.\" %%%LICENSE_END
|
2016-11-01 15:44:43 +00:00
|
|
|
.\"
|
2016-11-01 17:16:43 +00:00
|
|
|
.TH "PROCESS-KEYRING" 7 2016-11-01 Linux "Linux Programmer's Manual"
|
2016-11-01 15:44:43 +00:00
|
|
|
.SH NAME
|
2016-11-01 17:26:22 +00:00
|
|
|
process-keyring \- per-process shared keyring
|
2016-11-01 15:44:43 +00:00
|
|
|
.SH DESCRIPTION
|
2016-11-01 18:08:09 +00:00
|
|
|
The process keyring is a keyring used to anchor keys on behalf of a process.
|
2016-11-01 20:58:07 +00:00
|
|
|
It is created only when a process requests it.
|
2016-11-01 15:44:43 +00:00
|
|
|
.P
|
2016-11-01 18:08:09 +00:00
|
|
|
A special serial number value,
|
|
|
|
.BR KEY_SPEC_PROCESS_KEYRING ,
|
|
|
|
is defined that
|
2016-11-01 15:44:43 +00:00
|
|
|
can be used in lieu of the calling process's process keyring's actual serial
|
|
|
|
number.
|
|
|
|
.P
|
|
|
|
From the keyctl utility, '\fB@p\fP' can be used instead of a numeric key ID in
|
|
|
|
much the same way, but as keyctl is a program run after forking, this is of no
|
|
|
|
utility.
|
|
|
|
.P
|
2016-11-01 18:08:09 +00:00
|
|
|
A process's process keyring is inherited across
|
|
|
|
.BR clone (2)
|
|
|
|
with
|
|
|
|
.B CLONE_THREAD
|
|
|
|
and is cleared by
|
|
|
|
.BR execve (2).
|
2016-11-01 17:45:14 +00:00
|
|
|
The process keyring will be destroyed when the last
|
2016-11-01 15:44:43 +00:00
|
|
|
thread that refers to it exits.
|
|
|
|
.P
|
|
|
|
If a process doesn't have a process keyring when it is accessed, then the
|
|
|
|
process keyring will be created if the keyring is to be modified, otherwise
|
2016-11-01 18:08:09 +00:00
|
|
|
error
|
|
|
|
.B ENOKEY
|
|
|
|
will be issued.
|
2016-11-01 15:44:43 +00:00
|
|
|
.SH SEE ALSO
|
2016-11-01 17:12:21 +00:00
|
|
|
.ad l
|
|
|
|
.nh
|
2016-11-01 15:44:43 +00:00
|
|
|
.BR keyctl (1),
|
|
|
|
.BR keyctl (3),
|
|
|
|
.BR keyrings (7),
|
2016-11-01 17:12:21 +00:00
|
|
|
.BR persistent\-keyring (7),
|
|
|
|
.BR process\-keyring (7),
|
|
|
|
.BR session\-keyring (7),
|
|
|
|
.BR thread\-keyring (7),
|
|
|
|
.BR user\-keyring (7),
|
|
|
|
.BR user\-session\-keyring (7)
|