diff options
| author | Alejandro Colomar <alx@kernel.org> | 2024-08-17 19:18:39 +0200 |
|---|---|---|
| committer | Alejandro Colomar <alx@kernel.org> | 2024-08-21 23:51:12 +0200 |
| commit | 05df17de46c9031a2468c1ee6f8f94903f3a6fb9 (patch) | |
| tree | 4f73cfd82d81d4931821d7c1712ca1be129e4f1d | |
| parent | 3a360aa783abbdea57e709b5e1b7d04d27054848 (diff) | |
| download | man-pages-05df17de46c9031a2468c1ee6f8f94903f3a6fb9.tar.gz | |
KEYCTL_GET_SECURITY.2const: Tweak after split
Signed-off-by: Alejandro Colomar <alx@kernel.org>
| -rw-r--r-- | man/man2const/KEYCTL_GET_SECURITY.2const | 50 |
1 files changed, 16 insertions, 34 deletions
diff --git a/man/man2const/KEYCTL_GET_SECURITY.2const b/man/man2const/KEYCTL_GET_SECURITY.2const index b48b938e5a..3523f2b484 100644 --- a/man/man2const/KEYCTL_GET_SECURITY.2const +++ b/man/man2const/KEYCTL_GET_SECURITY.2const @@ -20,70 +20,52 @@ Standard C library .BR "#include <sys/syscall.h>" " /* Definition of " SYS_* " constants */" .B #include <unistd.h> .P -.BI "long syscall(SYS_keyctl, KEYCTL_GET_SECURITY, unsigned long " arg2 , -.BI " unsigned long " arg3 ", unsigned long " arg4 , -.BI " unsigned long " arg5 ); +.BI "long syscall(SYS_keyctl, KEYCTL_GET_SECURITY, key_serial_t " key , +.BI " char " buf "[_Nullable ." n "], size_t " n ); .fi .SH DESCRIPTION .TP .BR KEYCTL_GET_SECURITY " (since Linux 2.6.26)" .\" commit 70a5bb72b55e82fbfbf1e22cae6975fac58a1e2d Get the LSM (Linux Security Module) security label of the specified key. -.IP +.P The ID of the key whose security label is to be fetched is specified in -.I arg2 -(cast to -.IR key_serial_t ). +.IR key . The security label (terminated by a null byte) will be placed in the buffer pointed to by -.I arg3 -argument (cast to -.IR "char\ *" ); +.I buf +argument; the size of the buffer must be provided in -.I arg4 -(cast to -.IR size_t ). -.IP +.IR n . +.P If -.I arg3 +.I buf is specified as NULL or the buffer size specified in -.I arg4 +.I n is too small, the full size of the security label string (including the terminating null byte) is returned as the function result, and nothing is copied to the buffer. -.IP +.P The caller must have .I view permission on the specified key. -.IP +.P The returned security label string will be rendered in a form appropriate to the LSM in force. For example, with SELinux, it may look like: -.IP +.P .in +4n .EX unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 .EE .in -.IP +.P If no LSM is currently in force, then an empty string is placed in the buffer. -.IP -The -.I arg5 -argument is ignored. -.IP -This operation is exposed by -.I libkeyutils -via the functions -.BR keyctl_get_security (3) -and -.BR keyctl_get_security_alloc (3). .SH RETURN VALUE -.TP -.B KEYCTL_GET_SECURITY -The size of the LSM security label string +On success, +the size of the LSM security label string (including the terminating null byte), irrespective of the provided buffer size. .P |