Manpages - process-keyring.7

process-keyring - per-process shared keyring

The process keyring is a keyring used to anchor keys on behalf of a process. It is created only when a process requests it. The process keyring has the name (description) _pid.

A special serial number value, KEY_SPEC_PROCESS_KEYRING, is defined that can be used in lieu of the actual serial number of the calling process’s process keyring.

From the keyctl*(1) utility, ’*@p’ can be used instead of a numeric key ID in much the same way, but since *keyctl*(1) is a program run after forking, this is of no utility.

A thread created using the clone*(2) *CLONE_THREAD flag has the same process keyring as the caller of *clone*(2). When a new process is created using *fork*() it initially has no process keyring. A process’s process keyring is cleared on *execve*(2). The process keyring is destroyed when the last thread that refers to it terminates.

If a process doesn’t have a process keyring when it is accessed, then the process keyring will be created if the keyring is to be modified; otherwise, the error ENOKEY results.

*keyctl*(1), *keyctl*(3), *keyrings*(7), *persistent-keyring*(7), *session-keyring*(7), *thread-keyring*(7), *user-keyring*(7), *user-session-keyring*(7)

This page is part of release 5.13 of the Linux man-pages project. A description of the project, information about reporting bugs, and the latest version of this page, can be found at https://www.kernel.org/doc/man-pages/.