Section (7) process-keyring

Linux manual pages Section 7  


process-keyring — per-process shared keyring


The process keyring is a keyring used to anchor keys on behalf of a process. It is created only when a process requests it. The process keyring has the name (description) _pid.

A special serial number value, KEY_SPEC_PROCESS_KEYRING, is defined that can be used in lieu of the actual serial number of the calling process_zsingle_quotesz_s process keyring.

From the keyctl(1) utility, _zsingle_quotesz_@p_zsingle_quotesz_ can be used instead of a numeric key ID in much the same way, but since keyctl(1) is a program run after forking, this is of no utility.

A thread created using the clone(2) CLONE_THREAD flag has the same process keyring as the caller of clone(2). When a new process is created using fork() it initially has no process keyring. A process_zsingle_quotesz_s process keyring is cleared on execve(2). The process keyring is destroyed when the last thread that refers to it terminates.

If a process doesn_zsingle_quotesz_t have a process keyring when it is accessed, then the process keyring will be created if the keyring is to be modified; otherwise, the error ENOKEY results.


keyctl(1), keyctl(3), keyrings(7), persistent-keyring(7), session-keyring(7), thread-keyring(7), user-keyring(7), user-session-keyring(7)


This page is part of release 5.04 of the Linux man-pages project. A description of the project, information about reporting bugs, and the latest version of this page, can be found at−pages/.

Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
Written by David Howells (

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version
2 of the License, or (at your option) any later version.