File: KEYCTL_GET_SECURITY.2const

package info (click to toggle)
manpages 6.15-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 20,184 kB
  • sloc: sh: 575; python: 222; perl: 190; makefile: 29; lisp: 22
file content (84 lines) | stat: -rw-r--r-- 2,192 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
.\" Copyright, the authors of the Linux man-pages project
.\"
.\" SPDX-License-Identifier: Linux-man-pages-copyleft
.\"
.TH KEYCTL_GET_SECURITY 2const 2025-06-28 "Linux man-pages (unreleased)"
.SH NAME
KEYCTL_GET_SECURITY
\-
manipulate the kernel's key management facility
.SH LIBRARY
Standard C library
.RI ( libc ,\~ \-lc )
.SH SYNOPSIS
.nf
.BR "#include <linux/keyctl.h>" "  /* Definition of " KEY* " constants */"
.BR "#include <sys/syscall.h>" "   /* Definition of " SYS_* " constants */"
.B #include <unistd.h>
.P
.BR "long syscall(" "size_t n;"
.BI "             SYS_keyctl, KEYCTL_GET_SECURITY, key_serial_t " key ,
.BI "             char " buf "[_Nullable " n "], size_t " n );
.fi
.SH DESCRIPTION
.TP
.BR KEYCTL_GET_SECURITY " (since Linux 2.6.26)"
.\" commit 70a5bb72b55e82fbfbf1e22cae6975fac58a1e2d
Get the LSM (Linux Security Module) security label of the specified key.
.P
The ID of the key whose security label is to be fetched is specified in
.IR key .
The security label (terminated by a null byte)
will be placed in the buffer pointed to by
.I buf
argument;
the size of the buffer must be provided in
.IR n .
.P
If
.I buf
is specified as NULL or the buffer size specified in
.I n
is too small, the full size of the security label string
(including the terminating null byte)
is returned as the function result,
and nothing is copied to the buffer.
.P
The caller must have
.I view
permission on the specified key.
.P
The returned security label string will be rendered in a form appropriate
to the LSM in force.
For example, with SELinux, it may look like:
.P
.in +4n
.EX
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
.EE
.in
.P
If no LSM is currently in force,
then an empty string is placed in the buffer.
.SH RETURN VALUE
On success,
the size of the LSM security label string
(including the terminating null byte),
irrespective of the provided buffer size.
.P
On error, \-1 is returned, and
.I errno
is set to indicate the error.
.SH VERSIONS
A wrapper is provided in the
.I libkeyutils
library:
.BR keyctl_get_security (3).
.SH STANDARDS
Linux.
.SH HISTORY
Linux 2.6.26.
.SH SEE ALSO
.BR keyctl (2),
.BR keyctl_get_security (3),
.BR keyctl_get_security_alloc (3)