mirror of https://github.com/mkerrisk/man-pages
keyrings.7, persistent-keyring.7, session-keyring.7, user-keyring.7, user-session-keyring.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 6d6d803e04
commit c26b9d5711
|
@ -358,8 +358,10 @@ if it exists or the
|
|||
.BR user-session-keyring (7)
|
||||
if that exists.
|
||||
.IP (2)
|
||||
If the caller was a process that was invoked by the \fBrequest_key\fR() upcall
|
||||
mechanism then the keyrings of the original caller of that \fBrequest_key\fR()
|
||||
If the caller was a process that was invoked by the
|
||||
.BR request_key (2)
|
||||
upcall mechanism then the keyrings of the original caller of that
|
||||
.BR request_key (2)
|
||||
will be searched as well.
|
||||
.IP (3)
|
||||
Each keyring is searched first for a match, then the keyrings referred to by
|
||||
|
|
|
@ -23,14 +23,17 @@ to the value in:
|
|||
.IP
|
||||
/proc/sys/kernel/keys/persistent_keyring_expiry
|
||||
.P
|
||||
The persistent keyring is not searched by \fBrequest_key\fP() unless it is
|
||||
The persistent keyring is not searched by
|
||||
.BR request_key (2)
|
||||
unless it is
|
||||
referred to by a keyring that is.
|
||||
.P
|
||||
The persistent keyring may not be accessed directly, even by processes with
|
||||
the appropriate UID.
|
||||
Instead it must be linked to one of a process's keyrings
|
||||
first before that keyring can access it by virtue of its possessor permits.
|
||||
This is done with \fBkeyctl_get_persistent\fP().
|
||||
This is done with
|
||||
.BR keyctl_get_persistent (3).
|
||||
.P
|
||||
Persistent keyrings are independent of
|
||||
.BR clone (2),
|
||||
|
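Review bot: In the rewritten request_key sentence, the new wrapping leaves "unless it is" alone on a line with "referred to by a keyring that is." on the next. Since the sentence is being re-wrapped anyway, keep the clause together as "unless it is referred to by a keyring that is." directly after the ".BR request_key (2)" line. Rendering is unaffected, but the source reads and diffs better with the clause on one line.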
@ -50,7 +53,7 @@ created.
|
|||
.SS Special operations
|
||||
The keyutils library provides a special operation for manipulating persistent
|
||||
keyrings:
|
||||
.IP \fBkeyctl_get_persistent\fP()
|
||||
.BR keyctl_get_persistent (3)
|
||||
This operation allows the caller to get the persistent keyring corresponding
|
||||
to their own UID or, if they have
|
||||
.BR CAP_SETUID ,
|
||||
|
|
|
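Review bot: The line that replaces ".IP \fBkeyctl_get_persistent\fP()" is a bare ".BR keyctl_get_persistent (3)" with no ".TP" in front of it (the hunk is 7 lines before and 7 lines after), so the tagged paragraph is lost: the function name now runs on inline after "keyrings:" and the "This operation allows the caller..." description is no longer indented under it. The session-keyring.7 hunk in this same commit adds ".TP" before each ".BR" line; do the same here so the change stays a pure formatting fix.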
@ -46,12 +46,14 @@ session keyring and under others a new session keyring will be created.
|
|||
.SS Special operations
|
||||
The keyutils library provides a number of special operations for manipulating
|
||||
session keyrings:
|
||||
.IP \fBkeyctl_join_session_keyring\fP()
|
||||
.TP
|
||||
.BR keyctl_join_session_keyring (3)
|
||||
This operation allows the caller to change their session keyring.
|
||||
The caller can join an existing keyring by name,
|
||||
create a new keyring of the name given or
|
||||
ask the kernel to create a new session keyring with the name "_ses".
|
||||
.IP \fBkeyctl_session_to_parent\fP()
|
||||
.TP
|
||||
.BR keyctl_session_to_parent (3)
|
||||
This operation allows the caller to set the parent process's session keyring to
|
||||
the same as their own.
|
||||
For this to succeed, the parent process must have
|
||||
|
|
|
@ -25,7 +25,8 @@ this happens when
|
|||
.BR pam_keyinit (8)
|
||||
is invoked when a user logs in.
|
||||
.P
|
||||
The user keyring is not searched by default by \fBrequest_key\fP().
|
||||
The user keyring is not searched by default by
|
||||
.BR request_key (2).
|
||||
When
|
||||
.BR pam_keyinit (8)
|
||||
creates a session keyring, it adds to it a link to the user
|
||||
|
|
|
@ -31,7 +31,9 @@ a user session keyring will be created and, if the session keyring
|
|||
wasn't to be created, the user session keyring will be set as the process's
|
||||
actual session keyring.
|
||||
.P
|
||||
The user session keyring is searched by \fBrequest_key\fP() if the actual
|
||||
The user session keyring is searched by
|
||||
.BR request_key (2)
|
||||
if the actual
|
||||
session keyring does not exist and is ignored otherwise.
|
||||
.P
|
||||
A special serial number value,
|
||||
|
|