path: root/man7/persistent-keyring.7
Diffstat (limited to 'man7/persistent-keyring.7')
-rw-r--r-- man7/persistent-keyring.7 124
1 files changed, 0 insertions, 124 deletions
diff --git a/man7/persistent-keyring.7 b/man7/persistent-keyring.7
deleted file mode 100644
index 0db4940..0000000
--- a/man7/persistent-keyring.7
+++ /dev/null
@@ -1,124 +0,0 @@
-.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
-.\" Written by David Howells (dhowells@redhat.com)
-.\"
-.\" SPDX-License-Identifier: GPL-2.0-or-later
-.\"
-.TH persistent-keyring 7 2023-10-31 "Linux man-pages 6.7"
-.SH NAME
-persistent-keyring \- per-user persistent keyring
-.SH DESCRIPTION
-The persistent keyring is a keyring used to anchor keys on behalf of a user.
-Each UID the kernel deals with has its own persistent keyring that
-is shared between all threads owned by that UID.
-The persistent keyring has a name (description) of the form
-.I _persistent.<UID>
-where
-.I <UID>
-is the user ID of the corresponding user.
-.P
-The persistent keyring may not be accessed directly,
-even by processes with the appropriate UID.
-.\" FIXME The meaning of the preceding sentence isn't clear. What is meant?
-Instead, it must first be linked to one of a process's keyrings,
-before that keyring can access the persistent keyring
-by virtue of its possessor permits.
-This linking is done with the
-.BR keyctl_get_persistent (3)
-function.
-.P
-If a persistent keyring does not exist when it is accessed by the
-.BR keyctl_get_persistent (3)
-operation, it will be automatically created.
-.P
-Each time the
-.BR keyctl_get_persistent (3)
-operation is performed,
-the persistent keyring's expiration timer is reset to the value in:
-.P
-.in +4n
-.EX
-/proc/sys/kernel/keys/persistent_keyring_expiry
-.EE
-.in
-.P
-Should the timeout be reached,
-the persistent keyring will be removed and
-everything it pins can then be garbage collected.
-The keyring will then be re-created on a subsequent call to
-.BR keyctl_get_persistent (3).
-.P
-The persistent keyring is not directly searched by
-.BR request_key (2);
-it is searched only if it is linked into one of the keyrings
-that is searched by
-.BR request_key (2).
-.P
-The persistent keyring is independent of
-.BR clone (2),
-.BR fork (2),
-.BR vfork (2),
-.BR execve (2),
-and
-.BR _exit (2).
-It persists until its expiration timer triggers,
-at which point it is garbage collected.
-This allows the persistent keyring to carry keys beyond the life of
-the kernel's record of the corresponding UID
-(the destruction of which results in the destruction of the
-.BR user\-keyring (7)
-and the
-.BR user\-session\-keyring (7)).
-The persistent keyring can thus be used to
-hold authentication tokens for processes that run without user interaction,
-such as programs started by
-.BR cron (8).
-.P
-The persistent keyring is used to store UID-specific objects that
-themselves have limited lifetimes (e.g., kerberos tokens).
-If those tokens cease to be used
-(i.e., the persistent keyring is not accessed),
-then the timeout of the persistent keyring ensures that
-the corresponding objects are automatically discarded.
-.\"
-.SS Special operations
-The
-.I keyutils
-library provides the
-.BR keyctl_get_persistent (3)
-function for manipulating persistent keyrings.
-(This function is an interface to the
-.BR keyctl (2)
-.B KEYCTL_GET_PERSISTENT
-operation.)
-This operation allows the calling thread to get the persistent keyring
-corresponding to its own UID or, if the thread has the
-.B CAP_SETUID
-capability, the persistent keyring corresponding to some other UID
-in the same user namespace.
-.SH NOTES
-Each user namespace owns a keyring called
-.I .persistent_register
-that contains links to all of the persistent keys in that namespace.
-(The
-.I .persistent_register
-keyring can be seen when reading the contents of the
-.I /proc/keys
-file for the UID 0 in the namespace.)
-The
-.BR keyctl_get_persistent (3)
-operation looks for a key with a name of the form
-.IR _persistent. UID
-in that keyring,
-creates the key if it does not exist, and links it into the keyring.
-.SH SEE ALSO
-.ad l
-.nh
-.BR keyctl (1),
-.BR keyctl (3),
-.BR keyctl_get_persistent (3),
-.BR keyrings (7),
-.BR process\-keyring (7),
-.BR session\-keyring (7),
-.BR thread\-keyring (7),
-.BR user\-keyring (7),
-.BR user\-session\-keyring (7)
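
Review bot: The whole-file deletion at `@@ -1,124 +0,0 @@` has no matching addition in this path-limited view, so the diff alone does not show whether persistent-keyring(7) is being relocated or dropped. If it is a move, record it as a rename so that history and blame follow the file; if it is a removal, check whether the pages listed under SEE ALSO (keyrings(7), keyctl_get_persistent(3), user-keyring(7) and the others) link back to this page and need updating. In either case the open `FIXME` following "The persistent keyring may not be accessed directly, even by processes with the appropriate UID." should be resolved or carried along with the text rather than lost. That sentence and the `CAP_SETUID` paragraph under "Special operations" are the only places the page states who may reach another UID's persistent keyring, so they are the parts a reader relying on this page for access-control behaviour most needs preserved.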