From e87dd702f54f7b2150524ed054bcc1bd6f8adbc1 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Tue, 1 Nov 2016 16:44:43 +0100 Subject: [PATCH] process-keyring.7: New page adopted from keyutils Since this page documents kernel-user-space interfaces, it makes sense to have it as part of man-pages, rather than the keyutils package. Signed-off-by: David Howells Signed-off-by: Michael Kerrisk --- man7/process-keyring.7 | 53 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 man7/process-keyring.7 diff --git a/man7/process-keyring.7 b/man7/process-keyring.7 new file mode 100644 index 000000000..bacd3cfe8 --- /dev/null +++ b/man7/process-keyring.7 
@@ -0,0 +1,53 @@ +.\" +.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. +.\" Written by David Howells (dhowells@redhat.com) +.\" +.\" This program is free software; you can redistribute it and/or +.\" modify it under the terms of the GNU General Public Licence +.\" as published by the Free Software Foundation; either version +.\" 2 of the Licence, or (at your option) any later version. +.\" +.TH "PROCESS KEYRING" 7 "19 Feb 2014" Linux "Kernel key management" +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.SH NAME +process_keyring \- Per-process shared keyring +.SH DESCRIPTION +The +.B process keyring +is a keyring used to anchor keys on behalf of a process. It is only created +when a process requests it. +.P +A special serial number value, \fBKEY_SPEC_PROCESS_KEYRING\fP, is defined that +can be used in lieu of the calling process's process keyring's actual serial +number. +.P +From the keyctl utility, '\fB@p\fP' can be used instead of a numeric key ID in +much the same way, but as keyctl is a program run after forking, this is of no +utility. +.P +A process's process keyring is inherited across clone() with CLONE_THREAD and +is cleared by execve(). The process keyring will be destroyed when the last +thread that refers to it exits. +.P +If a process doesn't have a process keyring when it is accessed, then the +process keyring will be created if the keyring is to be modified, otherwise +error ENOKEY will be issued. +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.SH SEE ALSO +.BR keyctl (1), +.br +.BR keyctl (3), +.br +.BR keyrings (7), +.br +.BR thread-keyring (7), +.br +.BR process-keyring (7), +.br +.BR session-keyring (7), +.br +.BR user-keyring (7), +.br +.BR user-session-keyring (7), +.br +.BR persistent-keyring (7)
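Review bot: The `.SH NAME` line names the page `process_keyring` (underscore), but the file is man7/process-keyring.7 and SEE ALSO spells it process-keyring(7). Changing it to `process-keyring \- Per-process shared keyring` would make the whatis/apropos entry match the file name. The SEE ALSO list also contains `.BR process-keyring (7),`, which is this page itself and can be dropped. In DESCRIPTION, the keyctl paragraph says '@p' is of no utility because keyctl is "run after forking", while the following paragraph says the keyring is inherited only across clone() with CLONE_THREAD and is cleared by execve(). Stating the reason in those terms would make the two paragraphs agree. The calls could also be marked up as `.BR clone (2)` and `.BR execve (2)`, in the style the SEE ALSO entries already use.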