2016-11-01 15:45:33 +00:00
|
|
|
.\"
|
|
|
|
.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
|
|
|
|
.\" Written by David Howells (dhowells@redhat.com)
|
|
|
|
.\"
|
|
|
|
.\" This program is free software; you can redistribute it and/or
|
|
|
|
.\" modify it under the terms of the GNU General Public Licence
|
|
|
|
.\" as published by the Free Software Foundation; either version
|
|
|
|
.\" 2 of the Licence, or (at your option) any later version.
|
|
|
|
.\"
|
2016-11-01 17:16:43 +00:00
|
|
|
.TH "USER-SESSION-KEYRING" 7 2016-11-01 Linux "Linux Programmer's Manual"
|
2016-11-01 15:45:33 +00:00
|
|
|
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
|
|
|
|
.SH NAME
|
|
|
|
user_session_keyring \- Per-user default session keyring
|
|
|
|
.SH DESCRIPTION
|
|
|
|
The
|
|
|
|
.B user session keyring
|
|
|
|
is a keyring used to anchor keys on behalf of a user. Each UID the kernel
|
|
|
|
deals with has its own user session keyring. This keyring is associated with
|
|
|
|
the record that the kernel maintains for the UID and, once created, is retained
|
|
|
|
as long as that record persists. It is shared amongst all processes of that
|
|
|
|
UID.
|
|
|
|
.P
|
|
|
|
The user session keyring is created on demand when a thread requests it or when
|
|
|
|
a thread asks for its \fBsession keyring\fP and that doesn't exist. In the
|
|
|
|
latter case, a user session keyring will be created and, if the session keyring
|
|
|
|
wasn't to be created, the user session keyring will be set as the process's
|
|
|
|
actual session keyring.
|
|
|
|
.P
|
|
|
|
The user session keyring is searched by \fBrequest_key\fP() if the actual
|
|
|
|
session keyring does not exist and is ignored otherwise.
|
|
|
|
.P
|
|
|
|
A special serial number value, \fBKEY_SPEC_USER_SESSION_KEYRING\fP, is defined
|
|
|
|
that can be used in lieu of the calling process's user session keyring's actual
|
|
|
|
serial number.
|
|
|
|
.P
|
|
|
|
From the keyctl utility, '\fB@us\fP' can be used instead of a numeric key ID in
|
|
|
|
much the same way.
|
|
|
|
.P
|
|
|
|
User session keyrings are independent of clone(), fork(), vfork(), execve() and
|
|
|
|
exit() excepting that the keyring is destroyed when the UID record is destroyed
|
|
|
|
when the last process pinning it exits.
|
|
|
|
.P
|
|
|
|
If a user session keyring does not exist when it is accessed, it will be
|
|
|
|
created.
|
|
|
|
.P
|
|
|
|
It is strongly recommended that a \fBsession keyring\fP be set explicitly, for
|
|
|
|
example by \fBpam_keyinit\fP, rather than relying on the user session keyring -
|
|
|
|
particularly if a process is running as root.
|
|
|
|
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
|
|
|
|
.SH SEE ALSO
|
2016-11-01 17:12:21 +00:00
|
|
|
.ad l
|
|
|
|
.nh
|
2016-11-01 15:45:33 +00:00
|
|
|
.BR keyctl (1),
|
|
|
|
.BR keyctl (3),
|
|
|
|
.BR keyrings (7),
|
2016-11-01 17:12:21 +00:00
|
|
|
.BR persistent\-keyring (7),
|
|
|
|
.BR process\-keyring (7),
|
|
|
|
.BR session\-keyring (7),
|
|
|
|
.BR thread\-keyring (7),
|
|
|
|
.BR user\-keyring (7)
|