{
    "mode": "man",
    "parameter": "session-keyring",
    "section": "7",
    "url": "https://www.chedong.com/phpMan.php/man/session-keyring/7/json",
    "generated": "2026-06-12T03:54:52Z",
    "sections": {
        "NAME": {
            "content": "session-keyring - session shared process keyring\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "The session keyring is a keyring used to anchor keys on behalf of a process.  It is typically\ncreated by pamkeyinit(8) when a user logs in and a link will be added  that  refers  to  the\nuser-keyring(7).  Optionally, PAM may revoke the session keyring on logout.  (In typical con‐\nfigurations, PAM does do this revocation.)  The session keyring has  the  name  (description)\nses.\n\nA  special serial number value, KEYSPECSESSIONKEYRING, is defined that can be used in lieu\nof the actual serial number of the calling process's session keyring.\n\nFrom the keyctl(1) utility, '@s' can be used instead of a numeric key ID  in  much  the  same\nway.\n\nA process's session keyring is inherited across clone(2), fork(2), and vfork(2).  The session\nkeyring is preserved across execve(2), even when the executable is set-user-ID or  set-group-\nID  or  has capabilities.  The session keyring is destroyed when the last process that refers\nto it exits.\n\nIf a process doesn't have a session keyring when it is accessed, then, under certain  circum‐\nstances, the user-session-keyring(7) will be attached as the session keyring and under others\na new session keyring will be created.  (See user-session-keyring(7) for further details.)\n",
            "subsections": [
                {
                    "name": "Special operations",
                    "content": "The keyutils library provides the  following  special  operations  for  manipulating  session\nkeyrings:\n\nkeyctljoinsessionkeyring(3)\nThis  operation allows the caller to change the session keyring that it subscribes to.\nThe caller can join an existing keyring with a specified name (description), create  a\nnew  keyring  with a given name, or ask the kernel to create a new \"anonymous\" session\nkeyring with the name \"ses\".   (This  function  is  an  interface  to  the  keyctl(2)\nKEYCTLJOINSESSIONKEYRING operation.)\n\nkeyctlsessiontoparent(3)\nThis  operation  allows the caller to make the parent process's session keyring to the\nsame as its own.  For this to succeed, the parent process must have identical security\nattributes  and  must  be  single  threaded.   (This  function  is an interface to the\nkeyctl(2) KEYCTLSESSIONTOPARENT operation.)\n\nThese operations are also exposed through the keyctl(1) utility as:\n\nkeyctl session\nkeyctl session - [<prog> <arg1> <arg2> ...]\nkeyctl session <name> [<prog> <arg1> <arg2> ...]\n\nand:\n\nkeyctl newsession\n"
                }
            ]
        },
        "SEE ALSO": {
            "content": "keyctl(1), keyctl(3), keyctljoinsessionkeyring(3), keyctlsessiontoparent(3),\nkeyrings(7), persistent-keyring(7), process-keyring(7), thread-keyring(7), user-keyring(7),\nuser-session-keyring(7), pamkeyinit(8)\n",
            "subsections": []
        },
        "COLOPHON": {
            "content": "This page is part of release 5.10 of the Linux man-pages project.  A description of the\nproject, information about reporting bugs, and the latest version of this page, can be found\nat https://www.kernel.org/doc/man-pages/.\n\n\n\nLinux                                        2020-08-13                           SESSION-KEYRING(7)",
            "subsections": []
        }
    },
    "summary": "session-keyring - session shared process keyring",
    "flags": [],
    "examples": [],
    "see_also": [
        {
            "name": "keyctl",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/keyctl/1/json"
        },
        {
            "name": "keyctl",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/keyctl/3/json"
        },
        {
            "name": "keyctljoinsessionkeyring",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/keyctljoinsessionkeyring/3/json"
        },
        {
            "name": "keyctlsessiontoparent",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/keyctlsessiontoparent/3/json"
        },
        {
            "name": "keyrings",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/keyrings/7/json"
        },
        {
            "name": "persistent-keyring",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/persistent-keyring/7/json"
        },
        {
            "name": "process-keyring",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/process-keyring/7/json"
        },
        {
            "name": "thread-keyring",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/thread-keyring/7/json"
        },
        {
            "name": "user-keyring",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/user-keyring/7/json"
        },
        {
            "name": "user-session-keyring",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/user-session-keyring/7/json"
        },
        {
            "name": "pamkeyinit",
            "section": "8",
            "url": "https://www.chedong.com/phpMan.php/man/pamkeyinit/8/json"
        }
    ]
}