mirror of https://github.com/mkerrisk/man-pages
request_key.2: Improve description of default keyring when dest_keyring is zero
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk
parent
6dfb4dda6e
commit
5e0d5def6c
|
|
@ -106,42 +106,52 @@ is specified to
|
|||
.BR 0 ,
|
||||
and no key construction have been performed,
|
||||
then no additional linking is done.
|
||||
Otherwise, if a new key is constructed, it will be linked to the "default"
|
||||
keyring (which can be specified via the
|
||||
|
||||
Otherwise, if
|
||||
.I dest_keyring
|
||||
is 0 and a new key is constructed, the new key will be linked
|
||||
to the "default" keyring.
|
||||
More precisely, when the kernel tries to determine to which keyring the
|
||||
newly constructed key should be linked,
|
||||
it tries the following keyrings,
|
||||
beginning with the keyring set via the
|
||||
.BR keyctl (2)
|
||||
command
|
||||
.BR KEYCTL_SET_REQKEY_KEYRING ).
|
||||
More specifically, when the kernel tries to determine to which keyring the
|
||||
newly constructed key should be linked, it tries the following options,
|
||||
starting from the value set via
|
||||
.BR KEYCTL_SET_REQKEY_KEYRING " " keyctl (2)
|
||||
command until it finds the first available one:
|
||||
.BR KEYCTL_SET_REQKEY_KEYRING
|
||||
command and continuing in the order shown below
|
||||
until it finds the first keyring that exists:
|
||||
.IP \(bu 3
|
||||
.\" 8bbf4976b59fc9fc2861e79cab7beb3f6d647640
|
||||
Requestor keyring (specified via
|
||||
.BR KEY_REQKEY_DEFL_REQUESTOR_KEYRING ,
|
||||
since Linux 2.6.29)
|
||||
The requestor keyring
|
||||
.RB ( KEY_REQKEY_DEFL_REQUESTOR_KEYRING ,
|
||||
since Linux 2.6.29).
|
||||
.IP \(bu
|
||||
Thread-specific keyring (specified via
|
||||
.BR KEY_REQKEY_DEFL_THREAD_KEYRING )
|
||||
The thread-specific keyring
|
||||
.RB ( KEY_REQKEY_DEFL_THREAD_KEYRING ).
|
||||
.IP \(bu
|
||||
Process-specific keyring (specified via
|
||||
.BR KEY_REQKEY_DEFL_PROCESS_KEYRING )
|
||||
The process-specific keyring
|
||||
.RB ( KEY_REQKEY_DEFL_PROCESS_KEYRING ).
|
||||
.IP \(bu
|
||||
Session-specific keyring (specified via
|
||||
.BR KEY_REQKEY_DEFL_SESSION_KEYRING )
|
||||
The session-specific keyring
|
||||
.RB ( KEY_REQKEY_DEFL_SESSION_KEYRING ).
|
||||
.IP \(bu
|
||||
Session keyring for the process's user ID (specified via
|
||||
.BR KEY_REQKEY_DEFL_USER_SESSION_KEYRING ).
|
||||
The session keyring for the process's user ID
|
||||
.RB ( KEY_REQKEY_DEFL_USER_SESSION_KEYRING ).
|
||||
This keyring is expected to always exist.
|
||||
.IP \(bu
|
||||
UID-specific keyring (specified via
|
||||
.BR KEY_REQKEY_DEFL_USER_KEYRING ).
|
||||
The UID-specific keyring
|
||||
.RB ( KEY_REQKEY_DEFL_USER_KEYRING ).
|
||||
This keyring is also expected to always exist.
|
||||
.PP
|
||||
Specifying
|
||||
.B KEY_REQKEY_DEFL_DEFAULT
|
||||
leads to starting from the beginning of the list.
|
||||
If the
|
||||
.BR keyctl (2)
|
||||
.BR KEYCTL_SET_REQKEY_KEYRING
|
||||
command specifies
|
||||
.BR KEY_REQKEY_DEFL_DEFAULT
|
||||
(or no
|
||||
.BR KEYCTL_SET_REQKEY_KEYRING
|
||||
command is performed),
|
||||
then the kernel looks for a keyring
|
||||
starting from the beginning of the list.
|
||||
.\"
|
||||
.SS Requesting user-space instantiation of a key
|
||||
If the kernel cannot find a key matching
|
||||
|
|
|
|||
Loading…
Reference in New Issue