diff options
| author | Alejandro Colomar <alx.manpages@gmail.com> | 2022-09-09 14:15:08 +0200 |
|---|---|---|
| committer | Alejandro Colomar <alx.manpages@gmail.com> | 2022-09-09 14:15:08 +0200 |
| commit | 96e72ec1fbadd13cbcbc2b263540e4f5e9e09d7c (patch) | |
| tree | 70686b943e33a6e939ad265acb7ddfef70b91f32 /man/man7/persistent-keyring.7 | |
| parent | 8f4ed6463206e8ede815c72085c7305dafc2e4fc (diff) | |
| download | man-pages-96e72ec1fbadd13cbcbc2b263540e4f5e9e09d7c.tar.gz | |
Revert "src.mk, All pages: Move man* to man/"
This reverts commit 70ac1c4785fc1e158ab2349a962dba2526bf4fbc.
Link: <https://lore.kernel.org/linux-man/YxcV4h+Xn7cd6+q2@pevik/T/>
Reported-by: Petr Vorel <pvorel@suse.cz>
Reported-by: Jakub Wilk <jwilk@jwilk.net>
Cc: Stefan Puiu <stefan.puiu@gmail.com>
Signed-off-by: Alex Colomar <alx.manpages@gmail.com>
Diffstat (limited to 'man/man7/persistent-keyring.7')
| -rw-r--r-- | man/man7/persistent-keyring.7 | 124 |
1 files changed, 0 insertions, 124 deletions
diff --git a/man/man7/persistent-keyring.7 b/man/man7/persistent-keyring.7 deleted file mode 100644 index f148b186a9..0000000000 --- a/man/man7/persistent-keyring.7 +++ /dev/null @@ -1,124 +0,0 @@ -.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. -.\" Written by David Howells (dhowells@redhat.com) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH PERSISTENT-KEYRING 7 2020-08-13 "Linux man-pages (unreleased)" -.SH NAME -persistent-keyring \- per-user persistent keyring -.SH DESCRIPTION -The persistent keyring is a keyring used to anchor keys on behalf of a user. -Each UID the kernel deals with has its own persistent keyring that -is shared between all threads owned by that UID. -The persistent keyring has a name (description) of the form -.I _persistent.<UID> -where -.I <UID> -is the user ID of the corresponding user. -.PP -The persistent keyring may not be accessed directly, -even by processes with the appropriate UID. -.\" FIXME The meaning of the preceding sentence isn't clear. What is meant? -Instead, it must first be linked to one of a process's keyrings, -before that keyring can access the persistent keyring -by virtue of its possessor permits. -This linking is done with the -.BR keyctl_get_persistent (3) -function. -.PP -If a persistent keyring does not exist when it is accessed by the -.BR keyctl_get_persistent (3) -operation, it will be automatically created. -.PP -Each time the -.BR keyctl_get_persistent (3) -operation is performed, -the persistent key's expiration timer is reset to the value in: -.PP -.in +4n -.EX -/proc/sys/kernel/keys/persistent_keyring_expiry -.EE -.in -.PP -Should the timeout be reached, -the persistent keyring will be removed and -everything it pins can then be garbage collected. -The key will then be re-created on a subsequent call to -.BR keyctl_get_persistent (3). -.PP -The persistent keyring is not directly searched by -.BR request_key (2); -it is searched only if it is linked into one of the keyrings -that is searched by -.BR request_key (2). -.PP -The persistent keyring is independent of -.BR clone (2), -.BR fork (2), -.BR vfork (2), -.BR execve (2), -and -.BR _exit (2). -It persists until its expiration timer triggers, -at which point it is garbage collected. -This allows the persistent keyring to carry keys beyond the life of -the kernel's record of the corresponding UID -(the destruction of which results in the destruction of the -.BR user\-keyring (7) -and the -.BR user\-session\-keyring (7)). -The persistent keyring can thus be used to -hold authentication tokens for processes that run without user interaction, -such as programs started by -.BR cron (8). -.PP -The persistent keyring is used to store UID-specific objects that -themselves have limited lifetimes (e.g., kerberos tokens). -If those tokens cease to be used -(i.e., the persistent keyring is not accessed), -then the timeout of the persistent keyring ensures that -the corresponding objects are automatically discarded. -.\" -.SS Special operations -The -.I keyutils -library provides the -.BR keyctl_get_persistent (3) -function for manipulating persistent keyrings. -(This function is an interface to the -.BR keyctl (2) -.B KEYCTL_GET_PERSISTENT -operation.) -This operation allows the calling thread to get the persistent keyring -corresponding to its own UID or, if the thread has the -.B CAP_SETUID -capability, the persistent keyring corresponding to some other UID -in the same user namespace. -.SH NOTES -Each user namespace owns a keyring called -.I .persistent_register -that contains links to all of the persistent keys in that namespace. -(The -.I .persistent_register -keyring can be seen when reading the contents of the -.I /proc/keys -file for the UID 0 in the namespace.) -The -.BR keyctl_get_persistent (3) -operation looks for a key with a name of the form -.IR _persistent. UID -in that keyring, -creates the key if it does not exist, and links it into the keyring. -.SH SEE ALSO -.ad l -.nh -.BR keyctl (1), -.BR keyctl (3), -.BR keyctl_get_persistent (3), -.BR keyrings (7), -.BR process\-keyring (7), -.BR session\-keyring (7), -.BR thread\-keyring (7), -.BR user\-keyring (7), -.BR user\-session\-keyring (7) |