process-keyring — per-process shared keyring
The process keyring is a keyring used to anchor keys on
behalf of a process. It is created only when a process
requests it. The process keyring has the name (description)
_pid.
A special serial number value, KEY_SPEC_PROCESS_KEYRING, is defined that
can be used in lieu of the actual serial number of the
calling process's process keyring.
From the keyctl(1) utility, '@p' can be used instead of a
numeric key ID in much the same way, but since keyctl(1) is a program run
after forking, this is of no utility.
A thread created using the clone(2) CLONE_THREAD flag has the same process
keyring as the caller of clone(2). When a new
process is created using fork()
it initially has no process keyring. A process's process
keyring is cleared on execve(2). The process
keyring is destroyed when the last thread that refers to it
terminates.
If a process doesn't have a process keyring when it is accessed, then the process keyring will be created if the keyring is to be modified; otherwise, the error ENOKEY results.
keyctl(1), keyctl(3), keyrings(7), persistent-keyring(7), session-keyring(7), thread-keyring(7), user-keyring(7), user-session-keyring(7)
This page is part of release 5.11 of the Linux man-pages project. A
description of the project, information about reporting bugs,
and the latest version of this page, can be found at
https://www.kernel.org/doc/man−pages/.
|
Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. Written by David Howells (dhowellsredhat.com) %%%LICENSE_START(GPLv2+_SW_ONEPARA) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. %%%LICENSE_END |