1KEYCTL_GET_SECURITY(3)    Linux Key Management Calls    KEYCTL_GET_SECURITY(3)
2
3
4

NAME

6       keyctl_get_security - retrieve a key's security context
7

SYNOPSIS

9       #include <keyutils.h>
10
11       long keyctl_get_security(key_serial_t key, char *buffer,
12       size_t buflen);
13
14       long keyctl_get_security_alloc(key_serial_t key, char **_buffer);
15

DESCRIPTION

17       keyctl_get_security() retrieves the security context of a key as a NUL-
18       terminated string.  This will be rendered in a form appropriate to  the
19       LSM in force - for instance, with SELinux, it may look like
20
21              unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
22
23       The  caller  must  have  view permission on a key to be able to get its
24       security context.
25
26       buffer and buflen specify the buffer into  which  the  string  will  be
27       placed.   If  the buffer is too small, the full size of the string will
28       be returned, and no copy will take place.
29
30       keyctl_get_security_alloc() is similar to keyctl_get_security()  except
31       that it allocates a buffer big enough to hold the string and copies the
32       string into it.  If successful, A pointer to the buffer  is  placed  in
33       *_buffer.  The caller must free the buffer.
34

RETURN VALUE

36       On success keyctl_get_security() returns the amount of data placed into
37       the buffer.  If the buffer was too  small,  then  the  size  of  buffer
38       required  will be returned, but no data will be transferred.  On error,
39       the value -1 will be returned and errno will have been set to an appro‐
40       priate error.
41
42       On  success  keyctl_get_security_alloc()  returns the amount of data in
43       the buffer, less the NUL terminator.  On error, the value  -1  will  be
44       returned and errno will have been set to an appropriate error.
45

ERRORS

47       ENOKEY The key specified is invalid.
48
49       EKEYEXPIRED
50              The key specified has expired.
51
52       EKEYREVOKED
53              The key specified had been revoked.
54
55       EACCES The key exists, but is not viewable by the calling process.
56

LINKING

58       This  is  a  library  function  that can be found in libkeyutils.  When
59       linking, -lkeyutils should be specified to the linker.
60

SEE ALSO

62       keyctl(1), add_key(2), keyctl(2), request_key(2), keyctl(3),
63       keyrings(7), keyutils(7)
64
65
66
67Linux                             26 Feb 2010           KEYCTL_GET_SECURITY(3)
Impressum