aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation/keys.txt
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-04-29 04:01:26 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-04-29 11:06:16 -0400
commit70a5bb72b55e82fbfbf1e22cae6975fac58a1e2d (patch)
tree8e6dcaf5630388d81b23845f293789f2d6a3596b /Documentation/keys.txt
parent4a38e122e2cc6294779021ff4ccc784a3997059e (diff)
keys: add keyctl function to get a security label
Add a keyctl() function to get the security label of a key. The following is added to Documentation/keys.txt: (*) Get the LSM security context attached to a key. long keyctl(KEYCTL_GET_SECURITY, key_serial_t key, char *buffer, size_t buflen) This function returns a string that represents the LSM security context attached to a key in the buffer provided. Unless there's an error, it always returns the amount of data it could produce, even if that's too big for the buffer, but it won't copy more than requested to userspace. If the buffer pointer is NULL then no copy will take place. A NUL character is included at the end of the string if the buffer is sufficiently big. This is included in the returned count. If no LSM is in force then an empty string will be returned. A process must have view permission on the key for this function to be successful. [akpm@linux-foundation.org: declare keyctl_get_security()] Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Cc: Paul Moore <paul.moore@hp.com> Cc: Chris Wright <chrisw@sous-sol.org> Cc: James Morris <jmorris@namei.org> Cc: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'Documentation/keys.txt')
-rw-r--r--Documentation/keys.txt21
1 files changed, 21 insertions, 0 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt
index b82d38de8b89..be424b02437d 100644
--- a/Documentation/keys.txt
+++ b/Documentation/keys.txt
@@ -711,6 +711,27 @@ The keyctl syscall functions are:
711 The assumed authoritative key is inherited across fork and exec. 711 The assumed authoritative key is inherited across fork and exec.
712 712
713 713
714 (*) Get the LSM security context attached to a key.
715
716 long keyctl(KEYCTL_GET_SECURITY, key_serial_t key, char *buffer,
717 size_t buflen)
718
719 This function returns a string that represents the LSM security context
720 attached to a key in the buffer provided.
721
722 Unless there's an error, it always returns the amount of data it could
723 produce, even if that's too big for the buffer, but it won't copy more
724 than requested to userspace. If the buffer pointer is NULL then no copy
725 will take place.
726
727 A NUL character is included at the end of the string if the buffer is
728 sufficiently big. This is included in the returned count. If no LSM is
729 in force then an empty string will be returned.
730
731 A process must have view permission on the key for this function to be
732 successful.
733
734
714=============== 735===============
715KERNEL SERVICES 736KERNEL SERVICES
716=============== 737===============