Provided by: keyutils_1.5.9-9.2ubuntu2.1_amd64 bug

NAME

       persistent-keyring - Per-user persistent keyring

DESCRIPTION

       The persistent keyring is a keyring used to anchor keys on behalf of a user.  Each UID the
       kernel deals with has its own persistent keyring that is shared between all threads  owned
       by that UID.

       The  persistent  keyring  is  created  on demand when a thread requests it.  The keyring's
       expiration timer is reset every time it is accessed to the value in:

              /proc/sys/kernel/keys/persistent_keyring_expiry

       The persistent keyring is not searched by request_key() unless it  is  referred  to  by  a
       keyring that is.

       The  persistent  keyring  may  not  be  accessed  directly,  even  by  processes  with the
       appropriate UID.  Instead it must be linked to one of a process's  keyrings  first  before
       that  keyring  can  access  it  by  virtue  of  its  possessor permits.  This is done with
       keyctl_get_persistent().

       Persistent keyrings are independent of clone(),  fork(),  vfork(),  execve()  and  exit().
       They  persist  until  their  expiration  timers  trigger - at which point they are garbage
       collected.  This allows them to carry keys beyond the life of the kernel's record  of  the
       corresponding  UID  (the  destruction  of which results in the destruction of the user and
       user session keyrings).

       If a persistent keyring does not exist when it is accessed, it will be created.

SPECIAL OPERATIONS

       The keyutils library provides a special operation for manipulating persistent keyrings:

       keyctl_get_persistent()
              This operation allows the caller to get the  persistent  keyring  corresponding  to
              their  own UID or, if they have CAP_SETUID, the persistent keyring corresponding to
              some other UID in the same user namespace.

SEE ALSO

       keyctl(1),
       keyctl(3),
       keyctl_get_persistent(3),
       keyrings(7),
       process-keyring(7),
       session-keyring(7),
       thread-keyring(7),
       user-keyring(7),
       user-session-keyring(7)