OpenSuSE Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help 
x SuSE Linux 13.1-RELEASE x
x SuSE Linux 13.1-RELEASEx
PERSISTENT KEYRING(7)        Kernel key management       PERSISTENT KEYRING(7)

NAME
       persistent keyring - Per-user persistent keyring

DESCRIPTION
       The  persistent keyring is a keyring used to anchor keys on behalf of a
       user.  Each UID the kernel deals with has its  own  persistent  keyring
       that is shared between all threads owned by that UID.

       The  persistent keyring is created on demand when a thread requests it.
       The keyring's expiration timer is reset every time it  is  accessed  to
       the value in:

              /proc/sys/kernel/keys/persistent_keyring_expiry

       The  persistent  keyring  is not searched by request_key() unless it is
       referred to by a keyring that is.

       The persistent keyring may not be accessed directly, even by  processes
       with  the  appropriate  UID.   Instead  it  must  be linked to one of a
       process's keyrings first before that keyring can access it by virtue of
       its possessor permits.  This is done with keyctl_get_persistent().

       Persistent  keyrings  are  independent  of  clone(),  fork(),  vfork(),
       execve() and exit().  They persist until their expiration timers  trig-
       ger  -  at which point they are garbage collected.  This allows them to
       carry keys beyond the life of the kernel's record of the  corresponding
       UID  (the  destruction  of which results in the destruction of the user
       and user session keyrings).

       If a persistent keyring does not exist when it is accessed, it will  be
       created.

SPECIAL OPERATIONS
       The keyutils library provides a special operation for manipulating per-
       sistent keyrings:

       keyctl_get_persistent()
              This operation allows the caller to get the  persistent  keyring
              corresponding  to their own UID or, if they have CAP_SETUID, the
              persistent keyring corresponding to some other UID in  the  same
              user namespace.

SEE ALSO
       keyctl(1),
       keyctl(3),
       keyctl_get_persistent(3),
       keyrings(7),
       process-keyring(7),
       session-keyring(7),
       thread-keyring(7),
       user-keyring(7),
       user-session-keyring(7)

Linux                             20 Feb 2014            PERSISTENT KEYRING(7)

Want to link to this manual page? Use this URL:
<http://star2.abcm.com/cgi-bin/bsdi-man?query=persistent-keyring&sektion=7&manpath=>

home | help