OpenSuSE Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help 
x SuSE Linux 13.1-RELEASE x
x SuSE Linux 13.1-RELEASEx
SESSION KEYRING(7)           Kernel key management          SESSION KEYRING(7)

NAME
       session keyring - Session shared process keyring

DESCRIPTION
       The  session  keyring  is  a keyring used to anchor keys on behalf of a
       process.  It is typically created by the pam_keyinit module when a user
       logs in and a link will be added that refers to the user keyring.

       A  special  serial  number  value, KEY_SPEC_SESSION_KEYRING, is defined
       that can be used in lieu of the  calling  process's  session  keyring's
       actual serial number.

       From  the  keyctl utility, '@s' can be used instead of a numeric key ID
       in much the same way.

       A process's session keyring is inherited  across  clone(),  fork()  and
       vfork()  and  is  retained  across execve() - even when the target exe-
       cutable is setuid or setgid.  The session  keyring  will  be  destroyed
       when the last process that refers to it exits.

       If  a process doesn't have a session keyring when it is accessed, then,
       under certain circumstances, the user session keyring will be  attached
       as  the  session keyring and under others a new session keyring will be
       created.

SPECIAL OPERATIONS
       The keyutils library provides a number of special operations for manip-
       ulating session keyrings:

       keyctl_join_session_keyring()
              This  operation  allows  the  caller  to  change  their  session
              keyring.  The caller can join an existing keyring by name,  cre-
              ate  a new keyring of the name given or ask the kernel to create
              a new session keyring with the name "_ses".

       keyctl_session_to_parent()
              This operation allows the caller to  set  the  parent  process's
              session  keyring to the same as their own.  For this to succeed,
              the parent process must have identical security  attributes  and
              must be single threaded.

       These operations are also exposed through the keyctl utility as:

              keyctl session
              keyctl session - [<prog> <arg1> <arg2> ...]
              keyctl session <name> [<prog> <arg1> <arg2> ...]

       and:

              keyctl new_session

SEE ALSO
       keyctl(1),
       keyctl(3),
       keyctl_join_session_keyring(3),
       keyctl_session_to_parent(3),
       pam_keyinit(8),
       keyrings(7),
       thread-keyring(7),
       process-keyring(7),
       user-keyring(7),
       user-session-keyring(7)
       persistent-keyring(7)

Linux                             19 Feb 2014               SESSION KEYRING(7)

Want to link to this manual page? Use this URL:
<http://star2.abcm.com/cgi-bin/bsdi-man?query=session-keyring&sektion=7&manpath=>

home | help