Provided by: keyutils_1.5.9-10_amd64

NAME

       session-keyring - Session shared process keyring

DESCRIPTION

       The  session  keyring  is  a  keyring  used  to anchor keys on behalf of a process.  It is
       typically created by the pam_keyinit module when a user logs in and a link will  be  added
       that refers to the user keyring.

       A  special  serial  number value, KEY_SPEC_SESSION_KEYRING, is defined that can be used in
       lieu of the calling process's session keyring's actual serial number.

       From the keyctl utility, '@s' can be used instead of a numeric key ID  in  much  the  same
       way.

       A  process's  session  keyring  is  inherited  across  clone(),  fork() and vfork() and is
       retained across execve() - even when the target  executable  is  setuid  or  setgid.   The
       session keyring will be destroyed when the last process that refers to it exits.

       If  a  process  doesn't  have  a  session keyring when it is accessed, then, under certain
       circumstances, the user session keyring will be attached as the session keyring and  under
       others a new session keyring will be created.

SPECIAL OPERATIONS

       The  keyutils  library  provides  a  number of special operations for manipulating session
       keyrings:

       keyctl_join_session_keyring()
              This operation allows the caller to change their session keyring.  The  caller  can
              join an existing keyring by name, create a new keyring of the name given or ask the
              kernel to create a new session keyring with the name "_ses".

       keyctl_session_to_parent()
              This operation allows the caller to set the parent process's session keyring to the
              same  as  their  own.   For this to succeed, the parent process must have identical
              security attributes and must be single threaded.

       These operations are also exposed through the keyctl utility as:

              keyctl session
              keyctl session - [<prog> <arg1> <arg2> ...]
              keyctl session <name> [<prog> <arg1> <arg2> ...]

       and:

              keyctl new_session
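
       Added example (not part of the keyutils manual page or the project's code): a C check
       that a forked child inherits the session keyring and that joining a new one in the child
       leaves the parent's unchanged. It uses the raw keyctl(2) system call instead of
       libkeyutils; check_session_isolation() and session_serial() are names chosen here.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <linux/keyctl.h>   /* KEYCTL_*, KEY_SPEC_SESSION_KEYRING */
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Resolve the special value to the keyring's actual serial number; -1 on error. */
static long session_serial(void)
{
    return syscall(SYS_keyctl, (long)KEYCTL_GET_KEYRING_ID,
                   (long)KEY_SPEC_SESSION_KEYRING, 0L);
}

/* 1: behaviour as documented, 0: not observed,
 * -1: keyrings unusable here (for example, keyctl blocked by a seccomp filter). */
int check_session_isolation(void)
{
    long before = session_serial();
    if (before < 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: the session keyring is inherited across fork(). */
        if (session_serial() != before)
            _exit(1);
        /* NULL name: the kernel creates a new session keyring named "_ses". */
        if (syscall(SYS_keyctl, (long)KEYCTL_JOIN_SESSION_KEYRING, NULL) < 0)
            _exit(2);
        long joined = session_serial();
        _exit(joined < 0 ? 2 : joined != before ? 0 : 1);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 2)
        return -1;
    /* The child's join must leave the parent's session keyring untouched. */
    return WEXITSTATUS(status) == 0 && session_serial() == before;
}

int main(void)
{
    printf("check_session_isolation() = %d\n", check_session_isolation());
    return 0;
}
```

       A return of -1 usually means the keyctl system call is filtered or the key quota is
       exhausted, not that the keyring semantics differ.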

SEE ALSO

       keyctl(1),
       keyctl(3),
       keyctl_join_session_keyring(3),
       keyctl_session_to_parent(3),
       pam_keyinit(8),
       keyrings(7),
       thread-keyring(7),
       process-keyring(7),
       user-keyring(7),
       user-session-keyring(7),
       persistent-keyring(7)