keyrings(7) Miscellaneous Information Manual keyrings(7) keyrings - . add_key(2) request_key(2) keyctl(2). . keyctl(1) keyctl(3) keyutils(7) . : () . . key_serial_t. Type . . () ( ) . . () . . request_key(2). . . UNIX () ( ). . . . EKEYEXPIRED. ( ) ENOKEY. . (keyrings) . . : "keyring" ( ) . . () ('.') . "user" . . . 32,767 . ( "afs:mykey"). "logon" ( 3.3) "user" ( KEYCTL_READ keyctl(2)) . . "logon" . ( "user" ). "big_key" ( 3.13) "user" 1 . (Kerberos). tmpfs . ( . tmpfs.) 4.8 tmpfs (swap). . ('.') . ( ). . UNIX . ( ) : . . . . . . . . keyctl_clear(3) keyctl_link(3) keyctl_search(3) keyctl_unlink(3) . . : . . . . . . : session-keyring(7) ( ) process-keyring(7) ( ) thread-keyring(7) ( ). add_key(2) keyctl(2) request_key(2) KEY_SPEC_SESSION_KEYRING KEY_SPEC_PROCESS_KEYRING KEY_SPEC_THREAD_KEYRING . (UID) : user-keyring(7) user-session-keyring(7). UID . add_key(2) keyctl(2) request_key(2) KEY_SPEC_USER_KEYRING KEY_SPEC_USER_SESSION_KEYRING . pam_keyinit(8) . persistent-keyring(7) UID . UID . cron(8) . . There are special keyrings owned by the kernel that can anchor keys for special purposes. An example of this is the system keyring used for holding encryption keys for module signature verification. . " " (GID) . KEY_SPEC_GROUP_KEYRING . . : (1) . (2) session-keyring(7) process-keyring(7) thread-keyring(7) . (3) . (4) (3) . (5) ( request_key(2)) (1) . . set-user-ID . UID GID. pam_keyinit(8) user-keyring(7) . : o o o o . . . : user . group . other . : possessor . . : view . ( ). read : . : () . write . ( ) search ( ): . : . link . . setattr . (LSM) . LSM keyctl_get_security(3). keyctl_chown(3) keyctl_describe(3) keyctl_get_security(3) keyctl_setperm(3) selinux(8) . . request_key(2) . ( .) : (1) : thread-keyring(7) process-keyring(7) session-keyring(7) user-session-keyring(7) . (2) upcall request_key(2) request_key(2) . (3) : . (4) . (5) . (6) ENOKEY. (3) (6) . request_key(2) keyctl_search(3) . request_key(2) callout_info upcall . . request-key(8) . . . request_key(2) keyctl_assume_authority(3) keyctl_instantiate(3) keyctl_negate(3) keyctl_reject(3) request-key(8) request-key.conf(5) . . : - DNS upcall upcall DNS . AF_RXRPC kAFS - AF_RXRPC AFS . AF_RXRPC kAFS. NFS - NFS . CIFS - CIFS . . . : MIT Kerberos 5 (libkrb5) cron(8) . /proc . /proc/keys ( 2.6.10) view . . view ( ). LSM . ( ) : (1) (2) (3)(4) (5) (6) (7) (8) (9) 009a2028 I--Q--- 1 perm 3f010000 1000 1000 user krb_ccache:primary: 12 1806c4ba I--Q--- 1 perm 3f010000 1000 1000 keyring _pid: 2 25d3a08f I--Q--- 1 perm 1f3f0000 1000 65534 keyring _uid_ses.1000: 1 28576bd8 I--Q--- 3 perm 3f010000 1000 1000 keyring _krb: 1 2c546d21 I--Q--- 190 perm 3f030000 1000 1000 keyring _ses: 2 30a4e0be I------ 4 2d 1f030000 1000 65534 keyring _persistent.1000: 1 32100fab I--Q--- 4 perm 1f3f0000 1000 65534 keyring _uid.1000: 2 32a387ea I--Q--- 1 perm 3f010000 1000 1000 keyring _pid: 2 3ce56aea I--Q--- 5 perm 3f030000 1000 1000 keyring _ses: 1 : (1) ( ) . (2) : I . R . D ( ). ( ). Q . U request-key(2). N . i . (3) (: ). (4) ( ). perm ( ). expd . (5) . : 0x01 view 0x02 read 0x04 write 0x08 search 0x10 link 0x20 setattr UID (6) . GID (7) . -1 . (8) ( .) (9) (). . name[: extra-info] name (). extra-info . : "user" "logon" ( ). "keyring" empty . "big_key" [file] tmpfs(5) ( ) [buff] . ".request_key_auth" ( request_key(2)) : key:c9a9b19 pid:28880 ci:10 : key . pid (PID) . ci ( ). /proc/key-users ( 2.6.10) . : 0: 10 9/9 2/1000000 22/25000000 42: 9 9/9 8/200 106/20000 1000: 11 11/11 10/200 271/20000 : uid . usage . nkeys/nikeys . qnkeys/maxkeys . qnbytes/maxbytes . /proc/sys/kernel/keys/gc_delay ( 2.6.32) . (EKEYREVOKED EKEYEXPIRED ) . 300 ( 5 ). /proc/sys/kernel/keys/persistent_keyring_expiry ( 3.13) ( keyctl_get_persistent(3) KEYCTL_GET_PERSISTENT keyctl(2).) 259200 ( 3 ). ( ) (quotas) : /proc/sys/kernel/keys/maxbytes ( 2.6.26) (nonroot) . 20,000. /proc/sys/kernel/keys/maxkeys ( 2.6.26) (nonroot). 200. /proc/sys/kernel/keys/root_maxbytes ( 2.6.26) (root) ( 0 ) . 25,000,000 ( 20,000 3.17). /proc/sys/kernel/keys/root_maxkeys ( 2.6.26) (root) ( 0 ). 1,000,000 ( 200 3.17). 4 . keyctl(1), add_key(2), keyctl(2), request_key(2), keyctl(3), keyutils(7), persistent-keyring(7), process-keyring(7), session-keyring(7), thread-keyring(7), user-keyring(7), user-session-keyring(7), pam_keyinit(8), request-key(8) linux.git/Documentation/crypto/asymmetric-keys.rst linux.git/Documentation/security/keys/ 3 . . : . 6.18 8 2026 keyrings(7)