mount_setattr.2: Changes after review feedback from Christian Brauner

[man-pages.git] / man7 / process-keyring.7

.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
.\" Written by David Howells (dhowells@redhat.com)
.\"
.\" %%%LICENSE_START(GPLv2+_SW_ONEPARA)
.\" This program is free software; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License
.\" as published by the Free Software Foundation; either version
.\" 2 of the License, or (at your option) any later version.
.\" %%%LICENSE_END
.\"
.TH PROCESS-KEYRING 7 2020-08-13 Linux "Linux Programmer's Manual"
.SH NAME
process-keyring \- per-process shared keyring
.SH DESCRIPTION
The process keyring is a keyring used to anchor keys on behalf of a process.
It is created only when a process requests it.
The process keyring has the name (description)
.IR _pid .
.PP
A special serial number value,
.BR KEY_SPEC_PROCESS_KEYRING ,
is defined that can be used in lieu of the actual serial number of
the calling process's process keyring.
.PP
From the
.BR keyctl (1)
utility, '\fB@p\fP' can be used instead of a numeric key ID in
much the same way, but since
.BR keyctl (1)
is a program run after forking, this is of no utility.
.PP
A thread created using the
.BR clone (2)
.B CLONE_THREAD
flag has the same process keyring as the caller of
.BR clone (2).
When a new process is created using
.BR fork ()
it initially has no process keyring.
A process's process keyring is cleared on
.BR execve (2).
The process keyring is destroyed when the last
thread that refers to it terminates.
.PP
If a process doesn't have a process keyring when it is accessed,
then the process keyring will be created if the keyring is to be modified;
otherwise, the error
.B ENOKEY
results.
.SH SEE ALSO
.ad l
.nh
.BR keyctl (1),
.BR keyctl (3),
.BR keyrings (7),
.BR persistent\-keyring (7),
.BR session\-keyring (7),
.BR thread\-keyring (7),
.BR user\-keyring (7),
.BR user\-session\-keyring (7)