Lines Matching refs:keyring

10 other keys. Processes each have three standard keyring subscriptions that a
68 actual "key". In the case of a keyring, this is a list of keys to which
69 the keyring links; in the case of a user-defined key, it's an arbitrary
116 (+) "keyring"
140 * Each process subscribes to three keyrings: a thread-specific keyring, a
141 process-specific keyring, and a session-specific keyring.
143 The thread-specific keyring is discarded from the child when any sort of
144 clone, fork, vfork or execve occurs. A new keyring is created only when
147 The process-specific keyring is replaced with an empty one in the child on
149 shared. execve also discards the process's process keyring and creates a
152 The session-specific keyring is persistent across clone, fork, vfork and
154 process can, however, replace its current session keyring with a new one
158 The ownership of the thread keyring changes when the real UID and GID of
162 specific keyring and a default user session keyring. The default session
163 keyring is initialised with a link to the user-specific keyring.
182 If a system call that modifies a key or keyring in some way would put the
207 This permits a key or keyring's attributes to be viewed - including key
212 This permits a key's payload to be viewed or a keyring's list of linked
218 link to be added to or removed from a keyring.
227 This permits a key or keyring to be linked to. To create a link from a
228 keyring to a key, a process must have Write permission on the keyring and
292 00000001 I----- 39 perm 1f3f0000 0 0 keyring _uid_ses.0: 1/4
293 00000002 I----- 2 perm 1f3f0000 0 0 keyring _uid.0: empty
294 00000007 I----- 1 perm 1f3f0000 0 0 keyring _pid.1: empty
295 0000018d I----- 1 perm 1f3f0000 0 0 keyring _pid.412: empty
296 000004d2 I--Q-- 1 perm 1f3f0000 32 -1 keyring _uid.32: 1/4
297 000004d3 I--Q-- 3 perm 1f3f0000 32 -1 keyring _uid_ses.32: empty
367 KEY_SPEC_THREAD_KEYRING -1 thread-specific keyring
368 KEY_SPEC_PROCESS_KEYRING -2 process-specific keyring
369 KEY_SPEC_SESSION_KEYRING -3 session-specific keyring
370 KEY_SPEC_USER_KEYRING -4 UID-specific keyring
371 KEY_SPEC_USER_SESSION_KEYRING -5 UID-session keyring
372 KEY_SPEC_GROUP_KEYRING -6 GID-specific keyring
380 nominated keyring::
384 key_serial_t keyring);
387 in the keyring, this will try to update it with the given payload, or it
395 to the keyring. In this case, an error will be generated if the process
396 does not have permission to write to the keyring.
406 A new keyring can be generated by setting type "keyring", the keyring name
430 a keyring.
447 if necessary) and the ID of the key or keyring thus found is returned if
454 * Replace the session keyring this process subscribes to with a new one::
458 If name is NULL, an anonymous keyring is created attached to the process
459 as its session keyring, displacing the old session keyring.
461 If name is not NULL, if a keyring of that name exists, the process
462 attempts to attach it as the session keyring, returning an error if that
463 is not permitted; otherwise a new keyring of that name is created and
464 attached as the session keyring.
466 To attach to a named keyring, the keyring must have search permission for
469 The ID of the new session keyring is returned if successful.
548 * Clear out a keyring::
550 long keyctl(KEYCTL_CLEAR, key_serial_t keyring);
552 This function clears the list of keys attached to a keyring. The calling
553 process must have write permission on the keyring, and it must be a
554 keyring (or else error ENOTDIR will result).
558 DNS resolver cache keyring is an example of this.
561 * Link a key into a keyring::
563 long keyctl(KEYCTL_LINK, key_serial_t keyring, key_serial_t key);
565 This function creates a link from the keyring to the key. The process must
566 have write permission on the keyring and must have link permission on the
569 Should the keyring not be a keyring, error ENOTDIR will result; and if the
570 keyring is full, error ENFILE will result.
575 Any links within the keyring to keys that match the new key in terms of
576 type and description will be discarded from the keyring as the new one is
580 * Unlink a key or keyring from another keyring::
582 long keyctl(KEYCTL_UNLINK, key_serial_t keyring, key_serial_t key);
584 This function looks through the keyring for the first link to the
586 ignored. The process must have write permission on the keyring.
588 If the keyring is not a keyring, error ENOTDIR will result; and if the key
592 * Search a keyring tree for a key::
594 key_serial_t keyctl(KEYCTL_SEARCH, key_serial_t keyring,
598 This searches the keyring tree headed by the specified keyring until a key
599 is found that matches the type and description criteria. Each keyring is
602 The process must have search permission on the top level keyring, or else
605 a process has search permission can be matched. If the specified keyring
606 is not a keyring, ENOTDIR will result.
609 into the destination keyring if one is supplied (non-zero ID). All the
618 long keyctl(KEYCTL_READ, key_serial_t keyring, char *buffer,
626 instance, a keyring will return an array of key_serial_t entries
642 key_serial_t keyring);
645 key_serial_t keyring);
655 If a keyring is specified (non-zero), the key will also be linked into
656 that keyring, however all the constraints applying in KEYCTL_LINK apply in
668 unsigned timeout, key_serial_t keyring);
670 unsigned timeout, unsigned error, key_serial_t keyring);
679 If a keyring is specified (non-zero), the key will also be linked into
680 that keyring, however all the constraints applying in KEYCTL_LINK apply in
688 * Set the default request-key destination keyring::
692 This sets the default keyring to which implicitly requested keys will be
699 KEY_REQKEY_DEFL_THREAD_KEYRING 1 Thread keyring
700 KEY_REQKEY_DEFL_PROCESS_KEYRING 2 Process keyring
701 KEY_REQKEY_DEFL_SESSION_KEYRING 3 Session keyring
702 KEY_REQKEY_DEFL_USER_KEYRING 4 User keyring
703 KEY_REQKEY_DEFL_USER_SESSION_KEYRING 5 User session keyring
704 KEY_REQKEY_DEFL_GROUP_KEYRING 6 Group keyring
709 The default keyring can be overridden by the keyring indicated to the
714 [1] The default is: the thread keyring if there is one, otherwise
715 the process keyring if there is one, otherwise the session keyring if
716 there is one, otherwise the user default session keyring.
775 * Install the calling process's session keyring on its parent::
779 This function attempts to install the calling process's session keyring
781 keyring.
784 keyring must have the same ownership as the calling process, the calling
785 process must have LINK permission on the keyring and the active LSM module
791 The keyring will be replaced next time the parent process leaves the
862 * Restrict keyring linkage::
864 long keyctl(KEYCTL_RESTRICT_KEYRING, key_serial_t keyring,
867 An existing keyring can restrict linkage of additional keys by evaluating
870 "keyring" is the key ID for an existing keyring to apply a restriction
872 will remain in the keyring even if the new restriction would reject them.
881 later unregistered, no keys may be added to the keyring after the key type
884 To apply a keyring restriction the process must have Set Attribute
885 permission and the keyring must not be previously restricted.
953 This is used to request a key or keyring with a description that matches
963 If successful, the key will have been attached to the default keyring for
1047 * If a keyring was found in the search, this can be further searched by::
1053 This searches the keyring tree specified for a matching key. Error ENOKEY
1057 The possession attribute from the keyring reference is used to control
1062 * A keyring can be created by::
1071 This creates a keyring with the given attributes and returns it. If dest
1072 is not NULL, the new keyring will be linked into the keyring to which it
1073 points. No permission checks are made upon the destination keyring.
1075 Error EDQUOT can be returned if the keyring would overload the quota (pass
1076 KEY_ALLOC_NOT_IN_QUOTA in flags if the keyring shouldn't be accounted
1081 key into the new keyring. The structure may also contain a key pointer
1083 may be added into the keyring or not. The key type is used by the garbage
1091 When called, the restriction function will be passed the keyring being
1125 The facility provides access to the keyring type for managing such a bundle::
1130 keyring in a process's keyrings. A keyring thus found can then be searched
1132 search a specific keyring, so using keyrings in this way is of limited utility.
1357 keys in the keyring until one is matched. This must be used for any
1479 This optional method is used to enable userspace configuration of keyring
1517 be marked as being negative, it will be added to the session keyring, and an