[thirdparty/man-pages.git] / man7 / user-session-keyring.7

.\"
.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
.\" Written by David Howells (dhowells@redhat.com)
.\"
.\" This program is free software; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public Licence
.\" as published by the Free Software Foundation; either version
.\" 2 of the Licence, or (at your option) any later version.
.\"
.TH "USER-SESSION-KEYRING" 7 2016-11-01 Linux "Linux Programmer's Manual"
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.SH NAME
user-session-keyring \- per-user default session keyring
.SH DESCRIPTION
The
.B user session keyring
is a keyring used to anchor keys on behalf of a user.  Each UID the kernel
deals with has its own user session keyring.  This keyring is associated with
the record that the kernel maintains for the UID and, once created, is retained
as long as that record persists.  It is shared amongst all processes of that
UID.
.P
The user session keyring is created on demand when a thread requests it or when
a thread asks for its \fBsession keyring\fP and that doesn't exist.  In the
latter case, a user session keyring will be created and, if the session keyring
wasn't to be created, the user session keyring will be set as the process's
actual session keyring.
.P
The user session keyring is searched by \fBrequest_key\fP() if the actual
session keyring does not exist and is ignored otherwise.
.P
A special serial number value, \fBKEY_SPEC_USER_SESSION_KEYRING\fP, is defined
that can be used in lieu of the calling process's user session keyring's actual
serial number.
.P
From the keyctl utility, '\fB@us\fP' can be used instead of a numeric key ID in
much the same way.
.P
User session keyrings are independent of clone(), fork(), vfork(), execve() and
exit() excepting that the keyring is destroyed when the UID record is destroyed
when the last process pinning it exits.
.P
If a user session keyring does not exist when it is accessed, it will be
created.
.P
It is strongly recommended that a \fBsession keyring\fP be set explicitly, for
example by \fBpam_keyinit\fP, rather than relying on the user session keyring -
particularly if a process is running as root.
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.SH SEE ALSO
.ad l
.nh
.BR keyctl (1),
.BR keyctl (3),
.BR keyrings (7),
.BR persistent\-keyring (7),
.BR process\-keyring (7),
.BR session\-keyring (7),
.BR thread\-keyring (7),
.BR user\-keyring (7)
Commit	Line	Data
9bb46110 MK	1	.\"
	2	.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
	3	.\" Written by David Howells (dhowells@redhat.com)
	4	.\"
	5	.\" This program is free software; you can redistribute it and/or
	6	.\" modify it under the terms of the GNU General Public Licence
	7	.\" as published by the Free Software Foundation; either version
	8	.\" 2 of the Licence, or (at your option) any later version.
	9	.\"
e7ca6b3c	10	.TH "USER-SESSION-KEYRING" 7 2016-11-01 Linux "Linux Programmer's Manual"
9bb46110 MK	11	.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
9bb46110 MK	12	.SH NAME
8c5a425a	13	user-session-keyring \- per-user default session keyring
9bb46110 MK	14	.SH DESCRIPTION
	15	The
	16	.B user session keyring
	17	is a keyring used to anchor keys on behalf of a user. Each UID the kernel
	18	deals with has its own user session keyring. This keyring is associated with
	19	the record that the kernel maintains for the UID and, once created, is retained
	20	as long as that record persists. It is shared amongst all processes of that
	21	UID.
	22	.P
	23	The user session keyring is created on demand when a thread requests it or when
	24	a thread asks for its \fBsession keyring\fP and that doesn't exist. In the
	25	latter case, a user session keyring will be created and, if the session keyring
	26	wasn't to be created, the user session keyring will be set as the process's
	27	actual session keyring.
	28	.P
	29	The user session keyring is searched by \fBrequest_key\fP() if the actual
	30	session keyring does not exist and is ignored otherwise.
	31	.P
	32	A special serial number value, \fBKEY_SPEC_USER_SESSION_KEYRING\fP, is defined
	33	that can be used in lieu of the calling process's user session keyring's actual
	34	serial number.
	35	.P
	36	From the keyctl utility, '\fB@us\fP' can be used instead of a numeric key ID in
	37	much the same way.
	38	.P
	39	User session keyrings are independent of clone(), fork(), vfork(), execve() and
	40	exit() excepting that the keyring is destroyed when the UID record is destroyed
	41	when the last process pinning it exits.
	42	.P
	43	If a user session keyring does not exist when it is accessed, it will be
	44	created.
	45	.P
	46	It is strongly recommended that a \fBsession keyring\fP be set explicitly, for
	47	example by \fBpam_keyinit\fP, rather than relying on the user session keyring -
	48	particularly if a process is running as root.
	49	.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
	50	.SH SEE ALSO
2aa9ab8b MK	51	.ad l
2aa9ab8b MK	52	.nh
9bb46110	53	.BR keyctl (1),
9bb46110	54	.BR keyctl (3),
9bb46110	55	.BR keyrings (7),
2aa9ab8b MK	56	.BR persistent\-keyring (7),
	57	.BR process\-keyring (7),
	58	.BR session\-keyring (7),
	59	.BR thread\-keyring (7),
	60	.BR user\-keyring (7)