Per-thread keyring
The thread keyring is a keyring used to anchor keys on behalf of a process. It is only created when a thread requests it.
A special serial number value, KEY_SPEC_THREAD_KEYRING, is defined that can be used in lieu of the calling thread's thread keyring's actual serial number.
From the keyctl utility, '@t' can be used instead of a numeric key ID in much the same way, but as keyctl is a program run after forking, this is of no utility.
Thread keyrings are not inherited across clone() and are cleared by execve(). A thread keyring is destroyed when the thread that refers to it exits.
If a thread doesn't have a thread keyring when it is accessed, then the thread keyring will be created if the keyring is to be modified, otherwise error ENOKEY will be issued.