user-session-keyring.7: Add some details on lifetime of user session keyring

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

diff --git a/man7/user-session-keyring.7 b/man7/user-session-keyring.7
index 40f31b449ce7eaee0f08d44c1484b271250a708c..916b8e093d82501f465a20510b375c4e0b1c3502 100644 (file)
--- a/man7/user-session-keyring.7
+++ b/man7/user-session-keyring.7
@@ -14,11 +14,21 @@
 user-session-keyring \- per-user default session keyring
 .SH DESCRIPTION
 The user session keyring is a keyring used to anchor keys on behalf of a user.
-Each UID the kernel deals with has its own user session keyring.
-This keyring is associated with
-the record that the kernel maintains for the UID and, once created,
-is retained as long as that record persists.
-It is shared amongst all processes of that UID.
+Each UID the kernel deals with has its own user session keyring that
+is shared by all processes with that UID.
+
+The user session keyring is associated with the record that
+the kernel maintains for the UID.
+It comes into existence upon the first attempt to access either the
+user session keyring, the
+.BR user-keyring (7),
+or the
+.BR session-keyring (7).
+.\" Davis Howells: the user and user-session keyrings are managed as a pair.
+The keyring remains pinned in existence so long as there are processes
+running with that real UID or files opened by those processes remain open.
+(The keyring can also be pinned indefinitely by linking it
+into another keyring.)
 
 The user session keyring is created on demand when a thread requests it
 or when a thread asks for its