process-keyring(7) — Linux manual page


PROCESS-KEYRING(7)        Linux Programmer's Manual       PROCESS-KEYRING(7)

NAME         top

       process-keyring - per-process shared keyring

DESCRIPTION         top

       The process keyring is a keyring used to anchor keys on behalf of a
       process.  It is created only when a process requests it.  The process
       keyring has the name (description) _pid.

       A special serial number value, KEY_SPEC_PROCESS_KEYRING, is defined
       that can be used in lieu of the actual serial number of the calling
       process's process keyring.

       From the keyctl(1) utility, '@p' can be used instead of a numeric key
       ID in much the same way, but since keyctl(1) is a program run after
       forking, this is of no utility.

       A thread created using the clone(2) CLONE_THREAD flag has the same
       process keyring as the caller of clone(2).  When a new process is
       created using fork() it initially has no process keyring.  A
       process's process keyring is cleared on execve(2).  The process
       keyring is destroyed when the last thread that refers to it

       If a process doesn't have a process keyring when it is accessed, then
       the process keyring will be created if the keyring is to be modified;
       otherwise, the error ENOKEY results.

SEE ALSO         top

       keyctl(1), keyctl(3), keyrings(7), persistent-keyring(7),
       session-keyring(7), thread-keyring(7), user-keyring(7),

COLOPHON         top

       This page is part of release 5.09 of the Linux man-pages project.  A
       description of the project, information about reporting bugs, and the
       latest version of this page, can be found at

Linux                            2020-08-13               PROCESS-KEYRING(7)

Pages that refer to this page: add_key(2)keyctl(2)request_key(2)keyrings(7)keyutils(7)persistent-keyring(7)session-keyring(7)thread-keyring(7)user-keyring(7)user-session-keyring(7)