1 files changed, 55 insertions, 0 deletions

diff --git a/man7/process-keyring.7 b/man7/process-keyring.7
new file mode 100644
index 0000000..53557a0
--- /dev/null
+++ b/man7/process-keyring.7
@@ -0,0 +1,55 @@
+.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
+.\" Written by David Howells (dhowells@redhat.com)
+.\"
+.\" SPDX-License-Identifier: GPL-2.0-or-later
+.\"
+.TH process-keyring 7 2022-10-30 "Linux man-pages 6.05.01"
+.SH NAME
+process-keyring \- per-process shared keyring
+.SH DESCRIPTION
+The process keyring is a keyring used to anchor keys on behalf of a process.
+It is created only when a process requests it.
+The process keyring has the name (description)
+.IR _pid .
+.PP
+A special serial number value,
+.BR KEY_SPEC_PROCESS_KEYRING ,
+is defined that can be used in lieu of the actual serial number of
+the calling process's process keyring.
+.PP
+From the
+.BR keyctl (1)
+utility, '\fB@p\fP' can be used instead of a numeric key ID in
+much the same way, but since
+.BR keyctl (1)
+is a program run after forking, this is of no utility.
+.PP
+A thread created using the
+.BR clone (2)
+.B CLONE_THREAD
+flag has the same process keyring as the caller of
+.BR clone (2).
+When a new process is created using
+.BR fork ()
+it initially has no process keyring.
+A process's process keyring is cleared on
+.BR execve (2).
+The process keyring is destroyed when the last
+thread that refers to it terminates.
+.PP
+If a process doesn't have a process keyring when it is accessed,
+then the process keyring will be created if the keyring is to be modified;
+otherwise, the error
+.B ENOKEY
+results.
+.SH SEE ALSO
+.ad l
+.nh
+.BR keyctl (1),
+.BR keyctl (3),
+.BR keyrings (7),
+.BR persistent\-keyring (7),
+.BR session\-keyring (7),
+.BR thread\-keyring (7),
+.BR user\-keyring (7),
+.BR user\-session\-keyring (7)