Commit | Line | Data |
---|---|---|
9bb46110 MK |
1 | .\" |
2 | .\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. | |
3 | .\" Written by David Howells (dhowells@redhat.com) | |
4 | .\" | |
5 | .\" This program is free software; you can redistribute it and/or | |
6 | .\" modify it under the terms of the GNU General Public Licence | |
7 | .\" as published by the Free Software Foundation; either version | |
8 | .\" 2 of the Licence, or (at your option) any later version. | |
9 | .\" | |
e7ca6b3c | 10 | .TH "USER-SESSION-KEYRING" 7 2016-11-01 Linux "Linux Programmer's Manual" |
9bb46110 MK |
11 | .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" |
12 | .SH NAME | |
8c5a425a | 13 | user-session-keyring \- per-user default session keyring |
9bb46110 MK |
14 | .SH DESCRIPTION |
15 | The | |
16 | .B user session keyring | |
17 | is a keyring used to anchor keys on behalf of a user. Each UID the kernel | |
18 | deals with has its own user session keyring. This keyring is associated with | |
19 | the record that the kernel maintains for the UID and, once created, is retained | |
20 | as long as that record persists. It is shared amongst all processes of that | |
21 | UID. | |
22 | .P | |
23 | The user session keyring is created on demand when a thread requests it or when | |
24 | a thread asks for its \fBsession keyring\fP and that keyring doesn't exist. In the | |
25 | latter case, a user session keyring will be created and, if a session keyring | |
26 | was not to be created, the user session keyring will be set as the process's | |
27 | actual session keyring. | |
28 | .P | |
29 | The user session keyring is searched by \fBrequest_key\fP() if the actual | |
30 | session keyring does not exist and is ignored otherwise. | |
31 | .P | |
32 | A special serial number value, \fBKEY_SPEC_USER_SESSION_KEYRING\fP, is defined | |
33 | that can be used in lieu of the calling process's user session keyring's actual | |
34 | serial number. | |
35 | .P | |
36 | From the keyctl utility, '\fB@us\fP' can be used instead of a numeric key ID in | |
37 | much the same way. | |
38 | .P | |
39 | User session keyrings are independent of clone(), fork(), vfork(), execve() and | |
40 | exit(), except that the keyring is destroyed when the UID record is destroyed, | |
41 | which happens when the last process pinning it exits. | |
42 | .P | |
43 | If a user session keyring does not exist when it is accessed, it will be | |
44 | created. | |
45 | .P | |
46 | It is strongly recommended that a \fBsession keyring\fP be set explicitly, for | |
47 | example by \fBpam_keyinit\fP, rather than relying on the user session keyring - | |
48 | particularly if a process is running as root. | |
49 | .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" | |
50 | .SH SEE ALSO | |
2aa9ab8b MK |
51 | .ad l |
52 | .nh | |
9bb46110 | 53 | .BR keyctl (1), |
9bb46110 | 54 | .BR keyctl (3), |
9bb46110 | 55 | .BR keyrings (7), |
2aa9ab8b MK |
56 | .BR persistent\-keyring (7), |
57 | .BR process\-keyring (7), | |
58 | .BR session\-keyring (7), | |
59 | .BR thread\-keyring (7), | |
60 | .BR user\-keyring (7) |
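
The recommendation at the end of DESCRIPTION can be checked from inside a process: resolve both the session keyring and `KEY_SPEC_USER_SESSION_KEYRING` to serial numbers and compare them. The C program below is an added example, not part of the man page or the man-pages project. Its function and enum names are hypothetical, and it assumes the Linux UAPI header `<linux/keyctl.h>` is installed.

```c
/* Added example: reports whether this process's session keyring is really
 * the per-UID user session keyring (the fallback the man page warns about). */
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/keyctl.h> /* KEYCTL_GET_KEYRING_ID, KEY_SPEC_* */

enum ses_state { SES_UNKNOWN = -1, SES_EXPLICIT = 0, SES_FALLBACK = 1 };

/* Pure comparison of two resolved serial numbers; real serials are > 0. */
enum ses_state classify_session(long session_id, long user_session_id)
{
    if (session_id <= 0 || user_session_id <= 0)
        return SES_UNKNOWN;      /* lookup failed or keyrings unavailable */
    return session_id == user_session_id ? SES_FALLBACK : SES_EXPLICIT;
}

/* Resolve a KEY_SPEC_* value to a serial number. The final 0 ("create")
 * asks the kernel not to make a brand-new session keyring for the lookup. */
long resolve_keyring(long special_id)
{
    return syscall(SYS_keyctl, (long)KEYCTL_GET_KEYRING_ID, special_id, 0L);
}

enum ses_state session_keyring_state(void)
{
    long ses = resolve_keyring(KEY_SPEC_SESSION_KEYRING);
    long us  = resolve_keyring(KEY_SPEC_USER_SESSION_KEYRING);
    return classify_session(ses, us);
}

int main(void)
{
    switch (session_keyring_state()) {
    case SES_FALLBACK:   /* keys here are shared with every process of the UID */
        printf("uid %d: session keyring is the shared user session keyring\n",
               (int)getuid());
        return 1;
    case SES_EXPLICIT:   /* e.g. installed by pam_keyinit */
        printf("uid %d: a separate session keyring is installed\n",
               (int)getuid());
        return 0;
    default:             /* keyctl blocked (seccomp) or keys not configured */
        perror("keyctl(KEYCTL_GET_KEYRING_ID)");
        return 2;
    }
}
```

A non-zero exit status makes the program usable as a start-up check for services, especially ones running as root.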