MAN page from Fedora 23 keyutils-libs-1.5.9-7.fc23.i686.rpm
Section: Kernel key management (7)
Updated: 19 Feb 2014Index
session keyring - Session shared process keyring
is a keyring used to anchor keys on behalf of a process. It is typicallycreated by the pam_keyinit
module when a user logs in and a link will beadded that refers to the user keyring
.A special serial number value, KEY_SPEC_SESSION_KEYRING
, is defined thatcan be used in lieu of the calling process's session keyring's actual serialnumber.From the keyctl utility, '@s
' can be used instead of a numeric key ID inmuch the same way.A process's session keyring is inherited across clone(), fork() and vfork() andis retained across execve() - even when the target executable is setuid orsetgid. The session keyring will be destroyed when the last process thatrefers to it exits.If a process doesn't have a session keyring when it is accessed, then, undercertain circumstances, the user session keyring
will be attached as thesession keyring and under others a new session keyring will be created.
The keyutils library provides a number of special operations for manipulatingsession keyrings:
- This operation allows the caller to change their session keyring. The callercan join an existing keyring by name, create a new keyring of the name given orask the kernel to create a new session keyring with the name "_ses".
- This operation allows the caller to set the parent process's session keyring tothe same as their own. For this to succeed, the parent process must haveidentical security attributes and must be single threaded.These operations are also exposed through the keyctl utility as:
- keyctl session
keyctl session - [<prog> <arg1> <arg2> ...]
keyctl session <name> [<prog> <arg1> <arg2> ...]
- keyctl new_session
- SPECIAL OPERATIONS
- SEE ALSO
This document was created byman2html,using the manual pages.