Lines Matching refs:keyring
10 other keys. Processes each have three standard keyring subscriptions that a
68 actual "key". In the case of a keyring, this is a list of keys to which
69 the keyring links; in the case of a user-defined key, it's an arbitrary
116 (+) "keyring"
140 * Each process subscribes to three keyrings: a thread-specific keyring, a
141 process-specific keyring, and a session-specific keyring.
143 The thread-specific keyring is discarded from the child when any sort of
144 clone, fork, vfork or execve occurs. A new keyring is created only when
147 The process-specific keyring is replaced with an empty one in the child on
149 shared. execve also discards the process's process keyring and creates a
152 The session-specific keyring is persistent across clone, fork, vfork and
154 process can, however, replace its current session keyring with a new one
158 The ownership of the thread keyring changes when the real UID and GID of
162 specific keyring and a default user session keyring. The default session
163 keyring is initialised with a link to the user-specific keyring.
182 If a system call that modifies a key or keyring in some way would put the
207 This permits a key or keyring's attributes to be viewed - including key
212 This permits a key's payload to be viewed or a keyring's list of linked
218 link to be added to or removed from a keyring.
227 This permits a key or keyring to be linked to. To create a link from a
228 keyring to a key, a process must have Write permission on the keyring and
292 00000001 I----- 39 perm 1f3f0000 0 0 keyring _uid_ses.0: 1/4
293 00000002 I----- 2 perm 1f3f0000 0 0 keyring _uid.0: empty
294 00000007 I----- 1 perm 1f3f0000 0 0 keyring _pid.1: empty
295 0000018d I----- 1 perm 1f3f0000 0 0 keyring _pid.412: empty
296 000004d2 I--Q-- 1 perm 1f3f0000 32 -1 keyring _uid.32: 1/4
297 000004d3 I--Q-- 3 perm 1f3f0000 32 -1 keyring _uid_ses.32: empty
367 KEY_SPEC_THREAD_KEYRING -1 thread-specific keyring
368 KEY_SPEC_PROCESS_KEYRING -2 process-specific keyring
369 KEY_SPEC_SESSION_KEYRING -3 session-specific keyring
370 KEY_SPEC_USER_KEYRING -4 UID-specific keyring
371 KEY_SPEC_USER_SESSION_KEYRING -5 UID-session keyring
372 KEY_SPEC_GROUP_KEYRING -6 GID-specific keyring
380 nominated keyring::
384 key_serial_t keyring);
387 in the keyring, this will try to update it with the given payload, or it
395 to the keyring. In this case, an error will be generated if the process
396 does not have permission to write to the keyring.
406 A new keyring can be generated by setting type "keyring", the keyring name
430 a keyring.
436 To link a key into the destination keyring the key must grant link
437 permission on the key to the caller and the keyring must grant write
451 if necessary) and the ID of the key or keyring thus found is returned if
458 * Replace the session keyring this process subscribes to with a new one::
462 If name is NULL, an anonymous keyring is created attached to the process
463 as its session keyring, displacing the old session keyring.
465 If name is not NULL, if a keyring of that name exists, the process
466 attempts to attach it as the session keyring, returning an error if that
467 is not permitted; otherwise a new keyring of that name is created and
468 attached as the session keyring.
470 To attach to a named keyring, the keyring must have search permission for
473 The ID of the new session keyring is returned if successful.
552 * Clear out a keyring::
554 long keyctl(KEYCTL_CLEAR, key_serial_t keyring);
556 This function clears the list of keys attached to a keyring. The calling
557 process must have write permission on the keyring, and it must be a
558 keyring (or else error ENOTDIR will result).
562 DNS resolver cache keyring is an example of this.
565 * Link a key into a keyring::
567 long keyctl(KEYCTL_LINK, key_serial_t keyring, key_serial_t key);
569 This function creates a link from the keyring to the key. The process must
570 have write permission on the keyring and must have link permission on the
573 Should the keyring not be a keyring, error ENOTDIR will result; and if the
574 keyring is full, error ENFILE will result.
579 Any links within the keyring to keys that match the new key in terms of
580 type and description will be discarded from the keyring as the new one is
584 * Move a key from one keyring to another::
592 Move the key specified by "id" from the keyring specified by
593 "from_ring_id" to the keyring specified by "to_ring_id". If the two
597 with EEXIST if a matching key exists in the destination keyring, otherwise
602 occur from KEYCTL_LINK also apply on the destination keyring here.
605 * Unlink a key or keyring from another keyring::
607 long keyctl(KEYCTL_UNLINK, key_serial_t keyring, key_serial_t key);
609 This function looks through the keyring for the first link to the
611 ignored. The process must have write permission on the keyring.
613 If the keyring is not a keyring, error ENOTDIR will result; and if the key
617 * Search a keyring tree for a key::
619 key_serial_t keyctl(KEYCTL_SEARCH, key_serial_t keyring,
623 This searches the keyring tree headed by the specified keyring until a key
624 is found that matches the type and description criteria. Each keyring is
627 The process must have search permission on the top level keyring, or else
630 a process has search permission can be matched. If the specified keyring
631 is not a keyring, ENOTDIR will result.
634 into the destination keyring if one is supplied (non-zero ID). All the
643 long keyctl(KEYCTL_READ, key_serial_t keyring, char *buffer,
651 instance, a keyring will return an array of key_serial_t entries
667 key_serial_t keyring);
670 key_serial_t keyring);
680 If a keyring is specified (non-zero), the key will also be linked into
681 that keyring, however all the constraints applying in KEYCTL_LINK apply in
693 unsigned timeout, key_serial_t keyring);
695 unsigned timeout, unsigned error, key_serial_t keyring);
704 If a keyring is specified (non-zero), the key will also be linked into
705 that keyring, however all the constraints applying in KEYCTL_LINK apply in
713 * Set the default request-key destination keyring::
717 This sets the default keyring to which implicitly requested keys will be
724 KEY_REQKEY_DEFL_THREAD_KEYRING 1 Thread keyring
725 KEY_REQKEY_DEFL_PROCESS_KEYRING 2 Process keyring
726 KEY_REQKEY_DEFL_SESSION_KEYRING 3 Session keyring
727 KEY_REQKEY_DEFL_USER_KEYRING 4 User keyring
728 KEY_REQKEY_DEFL_USER_SESSION_KEYRING 5 User session keyring
729 KEY_REQKEY_DEFL_GROUP_KEYRING 6 Group keyring
734 The default keyring can be overridden by the keyring indicated to the
739 [1] The default is: the thread keyring if there is one, otherwise
740 the process keyring if there is one, otherwise the session keyring if
741 there is one, otherwise the user default session keyring.
800 * Install the calling process's session keyring on its parent::
804 This function attempts to install the calling process's session keyring
806 keyring.
809 keyring must have the same ownership as the calling process, the calling
810 process must have LINK permission on the keyring and the active LSM module
816 The keyring will be replaced next time the parent process leaves the
888 * Restrict keyring linkage::
890 long keyctl(KEYCTL_RESTRICT_KEYRING, key_serial_t keyring,
893 An existing keyring can restrict linkage of additional keys by evaluating
896 "keyring" is the key ID for an existing keyring to apply a restriction
898 will remain in the keyring even if the new restriction would reject them.
907 later unregistered, no keys may be added to the keyring after the key type
910 To apply a keyring restriction the process must have Set Attribute
911 permission and the keyring must not be previously restricted.
1033 * Watch a key or keyring for changes::
1039 keyring.
1075 being made in a keyring, a link being removed from a keyring, a keyring
1087 "Provide key/keyring change notifications" (KEY_NOTIFICATIONS)
1150 This is used to request a key or keyring with a description that matches
1160 If successful, the key will have been attached to the default keyring for
1238 * If a keyring was found in the search, this can be further searched by::
1245 This searches the specified keyring only (recurse == false) or keyring tree
1250 The possession attribute from the keyring reference is used to control
1255 * A keyring can be created by::
1264 This creates a keyring with the given attributes and returns it. If dest
1265 is not NULL, the new keyring will be linked into the keyring to which it
1266 points. No permission checks are made upon the destination keyring.
1268 Error EDQUOT can be returned if the keyring would overload the quota (pass
1269 KEY_ALLOC_NOT_IN_QUOTA in flags if the keyring shouldn't be accounted
1274 key into the new keyring. The structure may also contain a key pointer
1276 may be added into the keyring or not. The key type is used by the garbage
1284 When called, the restriction function will be passed the keyring being
1318 The facility provides access to the keyring type for managing such a bundle::
1323 keyring in a process's keyrings. A keyring thus found can then be searched
1325 search a specific keyring, so using keyrings in this way is of limited utility.
1550 keys in the keyring until one is matched. This must be used for any
1672 This optional method is used to enable userspace configuration of keyring
1820 be marked as being negative, it will be added to the session keyring, and an