Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

keyctl_get_security(3) [centos man page]

KEYCTL_GET_SECURITY(3)					    Linux Key Management Calls					    KEYCTL_GET_SECURITY(3)

NAME

       keyctl_get_security - Retrieve a key's security context

SYNOPSIS

       #include <keyutils.h>

       long keyctl_get_security(key_serial_t key, char *buffer,
       size_t buflen);

       long keyctl_get_security_alloc(key_serial_t key, char **_buffer);

DESCRIPTION

       keyctl_get_security()  retrieves  the security context of a key as a NUL-terminated string.  This will be rendered in a form appropriate to
       the LSM in force - for instance, with SELinux, it may look like

	      unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

       The caller must have view permission on a key to be able to get its security context.

       buffer and buflen specify the buffer into which the string will be placed.  If the buffer is too small, the full size of the string will be
       returned, and no copy will take place.

       keyctl_get_security_alloc()  is similar to keyctl_get_security() except that it allocates a buffer big enough to hold the string and copies
       the string into it.  If successful, A pointer to the buffer is placed in *_buffer.  The caller must free the buffer.

RETURN VALUE

       On success keyctl_get_security() returns the amount of data placed into the buffer.  If the buffer was too small, then the size	of  buffer
       required  will  be  returned,  but no data will be transferred.	On error, the value -1 will be returned and errno will have been set to an
       appropriate error.

       On success keyctl_get_security_alloc() returns the amount of data in the buffer, less the NUL terminator.  On error, the value -1  will	be
       returned and errno will have been set to an appropriate error.

ERRORS

       ENOKEY The key specified is invalid.

       EKEYEXPIRED
	      The key specified has expired.

       EKEYREVOKED
	      The key specified had been revoked.

       EACCES The key exists, but is not viewable by the calling process.

LINKING

       This is a library function that can be found in libkeyutils.  When linking, -lkeyutils should be specified to the linker.

SEE ALSO

       keyctl(1),
       add_key(2),
       keyctl(2),
       request_key(2),
       keyctl(3),
       request-key(8)

Linux								    26 Feb 2010 					    KEYCTL_GET_SECURITY(3)

Check Out this Related Man Page

KEYCTL_DESCRIBE(3)					    Linux Key Management Calls						KEYCTL_DESCRIBE(3)

NAME

       keyctl_describe - Describe a key

SYNOPSIS

       #include <keyutils.h>

       long keyctl_describe(key_serial_t key, char *buffer,
       size_tbuflen);

       long keyctl_describe_alloc(key_serial_t key, char **_buffer);

DESCRIPTION

       keyctl_describe() describes the attributes of a key as a NUL-terminated string.

       The caller must have view permission on a key to be able to get a description of it.

       buffer  and  buflen  specify  the  buffer  into which the key description will be placed.  If the buffer is too small, the full size of the
       description will be returned, and no copy will take place.

       keyctl_describe_alloc() is similar to keyctl_describe() except that it allocates a buffer big enough to hold the description and places the
       description in it.  If successful, A pointer to the buffer is placed in *_buffer.  The caller must free the buffer.

       The description will be a string of format:

	      "%s;%d;%d;%08x;%s"

       where the arguments are: key type name, key UID, key GID, key permissions mask and key description.

       NOTE!   The  key  description  will  not  contain  any semicolons, so that should be separated out by working backwards from the end of the
       string.	This permits extra information to be inserted before it by later versions of the kernel simply by inserting more  semicolon-termi-
       nated substrings.

RETURN VALUE

       On  success  keyctl_describe()  returns	the  amount  of data placed into the buffer.  If the buffer was too small, then the size of buffer
       required will be returned, but no data will be transferred.  On error, the value -1 will be returned and errno will have  been  set  to	an
       appropriate error.

       On  success  keyctl_describe_alloc()  returns  the  amount  of data in the buffer, less the NUL terminator.  On error, the value -1 will be
       returned and errno will have been set to an appropriate error.

ERRORS

       ENOKEY The key specified is invalid.

       EKEYEXPIRED
	      The key specified has expired.

       EKEYREVOKED
	      The key specified had been revoked.

       EACCES The key exists, but is not viewable by the calling process.

LINKING

       This is a library function that can be found in libkeyutils.  When linking, -lkeyutils should be specified to the linker.

SEE ALSO

       keyctl(1),
       add_key(2),
       keyctl(2),
       request_key(2),
       keyctl_get_keyring_ID(3),
       keyctl_join_session_keyring(3),
       keyctl_update(3),
       keyctl_revoke(3),
       keyctl_chown(3),
       keyctl_setperm(3),
       keyctl_clear(3),
       keyctl_link(3),
       keyctl_unlink(3),
       keyctl_search(3),
       keyctl_read(3),
       keyctl_instantiate(3),
       keyctl_negate(3),
       keyctl_set_reqkey_keyring(3),
       keyctl_set_timeout(3),
       keyctl_assume_authority(3),
       keyctl_read_alloc(3),
       request-key(8)

Linux								    4 May 2006							KEYCTL_DESCRIBE(3)
Man Page