key management facility control
KEY IDENTIFIERS
The key identifiers passed to or returned from keyctl are, in
general, positive integers. There are, however, some special
values with special meanings that can be passed as arguments:
No key: 0

Thread keyring: @t or -1
    Each thread may have its own keyring. This is searched
    first, before all others. The thread keyring is replaced
    by (v)fork, exec and clone.

Process keyring: @p or -2
    Each process (thread group) may have its own keyring. This
    is shared between all members of a group and will be
    searched after the thread keyring. The process keyring is
    replaced by (v)fork and exec.

Session keyring: @s or -3
    Each process subscribes to a session keyring that is
    inherited across (v)fork, exec and clone. This is searched
    after the process keyring. Session keyrings can be named
    and an extant keyring can be joined in place of a
    process's current session keyring.

User specific keyring: @u or -4
    This keyring is shared between all the processes owned by
    a particular user. It isn't searched directly, but is
    normally linked to from the session keyring.

User default session keyring: @us or -5
    This is the default session keyring for a particular user.
    Login processes that change to a particular user will bind
    to this session until another session is set.

Group specific keyring: @g or -6
    This is a placeholder for a group specific keyring, but
    is not actually implemented yet in the kernel.

Assumed request_key authorisation key: @a or -7
    This selects the authorisation key provided to the
    request_key() helper to permit it to access the caller's
    keyrings and instantiate the target key.

Keyring by name: %:<name>
    A named keyring. This will be searched for in the
    process's keyrings and in /proc/keys.

Key by name: %<type>:<name>
    A named key of the given type. This will be searched for
    in the process's keyrings and in /proc/keys.
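
The identifier forms listed above can be classified mechanically, for example when reviewing recorded keyctl command lines to see which keyring an invocation touched. The following parser is an added example, not part of keyctl or this manual page; the names KeyRef and parse_key_id are hypothetical, and it accepts decimal numbers only as a simplifying assumption.

```python
import re
from typing import NamedTuple, Optional

# Special identifiers from KEY IDENTIFIERS: symbol -> (numeric value, meaning).
SPECIAL = {
    "@t": (-1, "thread keyring"),
    "@p": (-2, "process keyring"),
    "@s": (-3, "session keyring"),
    "@u": (-4, "user specific keyring"),
    "@us": (-5, "user default session keyring"),
    "@g": (-6, "group specific keyring (placeholder, not implemented)"),
    "@a": (-7, "assumed request_key authorisation key"),
}
BY_NUMBER = {num: meaning for num, meaning in SPECIAL.values()}


class KeyRef(NamedTuple):  # hypothetical result type for this example
    kind: str                # none | special | serial | named-keyring | named-key
    serial: Optional[int]    # numeric form, when the identifier has one
    key_type: Optional[str]  # set only for %-style lookups
    name: Optional[str]      # set only for %-style lookups
    meaning: str


def parse_key_id(text: str) -> KeyRef:
    """Classify one key identifier argument; raise ValueError if malformed."""
    if text in SPECIAL:
        serial, meaning = SPECIAL[text]
        return KeyRef("special", serial, None, None, meaning)
    if text.startswith("%"):
        # Split on the first ':' only, so names may themselves contain ':'.
        key_type, sep, name = text[1:].partition(":")
        if not sep or not name:
            raise ValueError(f"expected %:<name> or %<type>:<name>: {text!r}")
        if not key_type:  # "%:<name>" is a keyring looked up by name
            return KeyRef("named-keyring", None, "keyring", name, "keyring by name")
        return KeyRef("named-key", None, key_type, name, f"{key_type} key by name")
    if re.fullmatch(r"-?[0-9]+", text):  # decimal only (simplifying assumption)
        serial = int(text)
        if serial == 0:
            return KeyRef("none", 0, None, None, "no key")
        if serial in BY_NUMBER:
            return KeyRef("special", serial, None, None, BY_NUMBER[serial])
        if serial > 0:
            return KeyRef("serial", serial, None, None, "key serial number")
    raise ValueError(f"not a valid key identifier: {text!r}")


if __name__ == "__main__":
    for arg in ["@s", "-5", "%:backup", "%user:svc:token", "0", "271828"]:  # constructed
        print(arg, "->", parse_key_id(arg))
```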