.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. .\" Written by David Howells (dhowells@redhat.com) .\" .\" SPDX-License-Identifier: GPL-2.0-or-later .\" .TH process-keyring 7 2023-10-31 "Linux man-pages 6.06" .SH NAME process-keyring \- per-process shared keyring .SH DESCRIPTION The process keyring is a keyring used to anchor keys on behalf of a process. It is created only when a process requests it. The process keyring has the name (description) .IR _pid . .P A special serial number value, .BR KEY_SPEC_PROCESS_KEYRING , is defined that can be used in lieu of the actual serial number of the calling process's process keyring. .P From the .BR keyctl (1) utility, '\fB@p\fP' can be used instead of a numeric key ID in much the same way, but since .BR keyctl (1) is a program run after forking, this is of no utility. .P A thread created using the .BR clone (2) .B CLONE_THREAD flag has the same process keyring as the caller of .BR clone (2). When a new process is created using .BR fork () it initially has no process keyring. A process's process keyring is cleared on .BR execve (2). The process keyring is destroyed when the last thread that refers to it terminates. .P If a process doesn't have a process keyring when it is accessed, then the process keyring will be created if the keyring is to be modified; otherwise, the error .B ENOKEY results. .SH SEE ALSO .ad l .nh .BR keyctl (1), .BR keyctl (3), .BR keyrings (7), .BR persistent\-keyring (7), .BR session\-keyring (7), .BR thread\-keyring (7), .BR user\-keyring (7), .BR user\-session\-keyring (7)