Diffstat (limited to 'Documentation/keys.txt')
-rw-r--r-- Documentation/keys.txt 43
1 files changed, 42 insertions, 1 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt
index 6304db59bfe4..aaa01b0e3ee9 100644
--- a/Documentation/keys.txt
+++ b/Documentation/keys.txt
@@ -308,6 +308,8 @@ process making the call:
308 KEY_SPEC_USER_KEYRING -4 UID-specific keyring 308 KEY_SPEC_USER_KEYRING -4 UID-specific keyring
309 KEY_SPEC_USER_SESSION_KEYRING -5 UID-session keyring 309 KEY_SPEC_USER_SESSION_KEYRING -5 UID-session keyring
310 KEY_SPEC_GROUP_KEYRING -6 GID-specific keyring 310 KEY_SPEC_GROUP_KEYRING -6 GID-specific keyring
311 KEY_SPEC_REQKEY_AUTH_KEY -7 assumed request_key()
312 authorisation key
311 313
312 314
313The main syscalls are: 315The main syscalls are:
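Review bot: the new -7 row (KEY_SPEC_REQKEY_AUTH_KEY, "assumed request_key() authorisation key") does not say what a caller gets back when no authority has been assumed, and it does not point to the KEYCTL_ASSUME_AUTHORITY entry this patch adds further down, which is where "assumed" is actually explained. Suggest adding a short cross-reference to that entry and naming the error returned in the no-authority case.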
@@ -498,7 +500,11 @@ The keyctl syscall functions are:
498 keyring is full, error ENFILE will result. 500 keyring is full, error ENFILE will result.
499 501
500 The link procedure checks the nesting of the keyrings, returning ELOOP if 502 The link procedure checks the nesting of the keyrings, returning ELOOP if
501 it appears to deep or EDEADLK if the link would introduce a cycle. 503 it appears too deep or EDEADLK if the link would introduce a cycle.
504
505 Any links within the keyring to keys that match the new key in terms of
506 type and description will be discarded from the keyring as the new one is
507 added.
502 508
503 509
504 (*) Unlink a key or keyring from another keyring: 510 (*) Unlink a key or keyring from another keyring:
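Review bot: the added paragraph at 505-507 documents that linking silently discards any existing link to a key of the same type and description, but it leaves open whether that displacement happens before the ENFILE full-keyring check described just above it, and whether only the link is dropped or the displaced key itself is affected. Suggest stating both, since a caller linking into a keyring that others search can replace an entry they rely on without any error being reported. The "to deep" to "too deep" correction is right.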
@@ -628,6 +634,41 @@ The keyctl syscall functions are:
628 there is one, otherwise the user default session keyring. 634 there is one, otherwise the user default session keyring.
629 635
630 636
637 (*) Set the timeout on a key.
638
639 long keyctl(KEYCTL_SET_TIMEOUT, key_serial_t key, unsigned timeout);
640
641 This sets or clears the timeout on a key. The timeout can be 0 to clear
642 the timeout or a number of seconds to set the expiry time that far into
643 the future.
644
645 The process must have attribute modification access on a key to set its
646 timeout. Timeouts may not be set with this function on negative, revoked
647 or expired keys.
648
649
650 (*) Assume the authority granted to instantiate a key
651
652 long keyctl(KEYCTL_ASSUME_AUTHORITY, key_serial_t key);
653
654 This assumes or divests the authority required to instantiate the
655 specified key. Authority can only be assumed if the thread has the
656 authorisation key associated with the specified key in its keyrings
657 somewhere.
658
659 Once authority is assumed, searches for keys will also search the
660 requester's keyrings using the requester's security label, UID, GID and
661 groups.
662
663 If the requested authority is unavailable, error EPERM will be returned,
664 likewise if the authority has been revoked because the target key is
665 already instantiated.
666
667 If the specified key is 0, then any assumed authority will be divested.
668
669 The assumed authorititive key is inherited across fork and exec.
670
671
631=============== 672===============
632KERNEL SERVICES 673KERNEL SERVICES
633=============== 674===============
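Review bot: the sentence at 669, "The assumed authorititive key is inherited across fork and exec.", has a typo ("authoritative") and understates the consequence: per 659-661, every child then also searches the requester's keyrings using the requester's security label, UID, GID and groups. Suggest saying that explicitly and advising callers to divest by passing key 0 (line 667) before spawning programs that should not carry that authority. Smaller points: the KEYCTL_SET_TIMEOUT text names no error code for the negative, revoked or expired case, while the KEYCTL_ASSUME_AUTHORITY text names EPERM; and the heading at 650 lacks the terminating punctuation used at 637 and in "(*) Unlink a key or keyring from another keyring:".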