mirror of https://github.com/mkerrisk/man-pages
keyrings.7, process-keyring.7, thread-keyring.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
bf0dcc156f
commit
c1f7a90fee
|
@ -16,7 +16,7 @@ keyrings \- in-kernel key management and retention facility
|
|||
The
|
||||
.B keyrings
|
||||
facility is primarily a way for drivers to retain or cache security data,
|
||||
authentication keys, encryption keys and other data in the kernel.
|
||||
authentication keys, encryption keys, and other data in the kernel.
|
||||
.P
|
||||
System call interfaces are provided so that userspace programs can manage those
|
||||
objects and also use the facility for their own purposes.
|
||||
|
@ -78,7 +78,7 @@ when it was requested.
|
|||
A key's payload can be read and updated if the key type supports it and if
|
||||
suitable permission is granted to the caller.
|
||||
.IP "\fBAccess rights\fR"
|
||||
Each key has an owning user ID, an owning group and a security label - much as
|
||||
Each key has an owning user ID, an owning group, and a security label - much as
|
||||
files do.
|
||||
They also have a set of permissions,
|
||||
though there are more than for a normal UNIX file,
|
||||
|
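Review bot: style point on the changed line "Each key has an owning user ID, an owning group, and a security label - much as": the spaced ASCII hyphen is standing in for a dash. Since this line is being touched anyway, either use the groff \(em escape or recast the clause with a comma ("a security label, much as files do").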
@ -140,7 +140,7 @@ Keys may be linked to by multiple keyrings.
|
|||
Keyrings may be considered as analogous to UNIX directories
|
||||
where each directory contains a set of hard links to files.
|
||||
.P
|
||||
Several of the syscall functions available may only be applied to keyrings:
|
||||
Various operations (system calls) may be applied only to keyrings:
|
||||
.IP "\fBAdding\fR"
|
||||
A key may be added to a keyring by system calls that create keys.
|
||||
This prevents the new key from being immediately deleted
|
||||
|
@ -178,7 +178,7 @@ key - but whilst keyrings are available to link to keys, keyrings themselves
|
|||
are just keys and are also subject to the same anchoring necessity.
|
||||
.P
|
||||
The kernel makes available a number of anchor keyrings.
|
||||
Note that some of these keyrings will only be created when first accessed.
|
||||
Note that some of these keyrings will be created only when first accessed.
|
||||
.IP "\fBProcess keyrings\fR"
|
||||
Process credentials themselves reference keyrings with specific semantics.
|
||||
These keyrings are pinned as long as the set of credentials exists - which is
|
||||
|
@ -241,7 +241,7 @@ Whether a thread possesses a key is determined by the following rules:
|
|||
Any key or keyring that does not grant \fBSearch\fP permission to the caller is
|
||||
\fIignored\fP in all the following rules.
|
||||
.IP (2)
|
||||
A thread \fIpossesses\fR its \fBsession\fR, \fBprocess\fR and \fBthread\fR
|
||||
A thread \fIpossesses\fR its \fBsession\fR, \fBprocess\fR, and \fBthread\fR
|
||||
keyrings directly because those are pointed to by its credentials.
|
||||
.IP (3)
|
||||
If a keyring is possessed, then any key it links to is \fIalso\fR possessed.
|
||||
|
|
|
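Review bot: font resets are inconsistent in rule (2): the changed line closes each font change with \fR ("\fIpossesses\fR its \fBsession\fR, \fBprocess\fR, and \fBthread\fR"), while the context lines directly above use \fP ("\fBSearch\fP", "\fIignored\fP"), and rule (3) is back to \fR. Suggest settling on one form across the possession rules while this line is being edited, so later edits do not have to guess which convention the list follows.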
@ -14,7 +14,7 @@
|
|||
process-keyring \- per-process shared keyring
|
||||
.SH DESCRIPTION
|
||||
The process keyring is a keyring used to anchor keys on behalf of a process.
|
||||
It is only created when a process requests it.
|
||||
It is created only when a process requests it.
|
||||
.P
|
||||
A special serial number value,
|
||||
.BR KEY_SPEC_PROCESS_KEYRING ,
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
thread-keyring \- per-thread keyring
|
||||
.SH DESCRIPTION
|
||||
The thread keyring is a keyring used to anchor keys on behalf of a process.
|
||||
It is only created when a thread requests it.
|
||||
It is created only when a thread requests it.
|
||||
.P
|
||||
A special serial number value,
|
||||
.BR KEY_SPEC_THREAD_KEYRING ,
|
||||
|
|
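Review bot: the unchanged line just above the edit in thread-keyring.7 says the thread keyring anchors keys "on behalf of a process", which is word for word the process-keyring.7 sentence, yet the NAME line calls it a per-thread keyring and the changed line says it is created when a thread requests it. If per-thread scope is what is meant, "on behalf of a thread" would be the accurate wording and fits in this same wfix; the distinction matters to readers deciding which keyring scopes a secret to one thread rather than the whole process.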