| author | Alejandro Colomar <alx@kernel.org> | 2024-08-17 19:12:37 +0200 |
|---|---|---|
| committer | Alejandro Colomar <alx@kernel.org> | 2024-08-21 23:51:12 +0200 |
| commit | 3a360aa783abbdea57e709b5e1b7d04d27054848 (patch) | |
| tree | 297d7e55e8f4982b9b83487fc15ffb4622621196 | |
| parent | 7d7ccc4b217dbb01269f4156f5f649c0f9349a01 (diff) | |
| download | man-pages-3a360aa783abbdea57e709b5e1b7d04d27054848.tar.gz | |
keyctl.2, KEYCTL_GET_SECURITY.2const: Split KEYCTL_GET_SECURITY from keyctl(2)
Signed-off-by: Alejandro Colomar <alx@kernel.org>
| -rw-r--r-- | man/man2/keyctl.2 | 64 | ||||
| -rw-r--r-- | man/man2const/KEYCTL_GET_SECURITY.2const | 105 |
2 files changed, 107 insertions, 62 deletions
diff --git a/man/man2/keyctl.2 b/man/man2/keyctl.2
index 519f638430..7236714be9 100644
--- a/man/man2/keyctl.2
+++ b/man/man2/keyctl.2
@@ -79,61 +79,8 @@ are:
 .BR KEYCTL_SET_TIMEOUT (2const)
 .TQ
 .BR KEYCTL_ASSUME_AUTHORITY (2const)
-.TP
-.BR KEYCTL_GET_SECURITY " (since Linux 2.6.26)"
-.\" commit 70a5bb72b55e82fbfbf1e22cae6975fac58a1e2d
-Get the LSM (Linux Security Module) security label of the specified key.
-.IP
-The ID of the key whose security label is to be fetched is specified in
-.I arg2
-(cast to
-.IR key_serial_t ).
-The security label (terminated by a null byte)
-will be placed in the buffer pointed to by
-.I arg3
-argument (cast to
-.IR "char\ *" );
-the size of the buffer must be provided in
-.I arg4
-(cast to
-.IR size_t ).
-.IP
-If
-.I arg3
-is specified as NULL or the buffer size specified in
-.I arg4
-is too small, the full size of the security label string
-(including the terminating null byte)
-is returned as the function result,
-and nothing is copied to the buffer.
-.IP
-The caller must have
-.I view
-permission on the specified key.
-.IP
-The returned security label string will be rendered in a form appropriate
-to the LSM in force.
-For example, with SELinux, it may look like:
-.IP
-.in +4n
-.EX
-unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-.EE
-.in
-.IP
-If no LSM is currently in force,
-then an empty string is placed in the buffer.
-.IP
-The
-.I arg5
-argument is ignored.
-.IP
-This operation is exposed by
-.I libkeyutils
-via the functions
-.BR keyctl_get_security (3)
-and
-.BR keyctl_get_security_alloc (3).
+.TQ
+.BR KEYCTL_GET_SECURITY (2const)
 .TP
 .BR KEYCTL_SESSION_TO_PARENT " (since Linux 2.6.32)"
 .\" commit ee18d64c1f632043a02e6f5ba5e045bb26a5465f
@@ -486,11 +433,6 @@ is ignored.
 .SH RETURN VALUE
 For a successful call, the return value depends on the operation.
 .TP
-.B KEYCTL_GET_SECURITY
-The size of the LSM security label string
-(including the terminating null byte),
-irrespective of the provided buffer size.
-.TP
 .B KEYCTL_GET_PERSISTENT
 The ID of the persistent keyring.
 .TP
@@ -1030,8 +972,6 @@ main(int argc, char *argv[])
 .BR keyctl_dh_compute (3),
 .BR keyctl_dh_compute_alloc (3),
 .BR keyctl_get_persistent (3),
-.BR keyctl_get_security (3),
-.BR keyctl_get_security_alloc (3),
 .BR keyctl_invalidate (3),
 .BR keyctl_session_to_parent (3),
 .BR recursive_key_scan (3),
diff --git a/man/man2const/KEYCTL_GET_SECURITY.2const b/man/man2const/KEYCTL_GET_SECURITY.2const
new file mode 100644
index 0000000000..b48b938e5a
--- /dev/null
+++ b/man/man2const/KEYCTL_GET_SECURITY.2const
@@ -0,0 +1,105 @@
+.\" Copyright 2016, Michael Kerrisk <mtk.manpages@gmail.com>
+.\" Copyright 2016, Eugene Syromyatnikov <evgsyr@gmail.com>
+.\" A very few fragments remain from an earlier version of this page
+.\" written by David Howells (dhowells@redhat.com)
+.\" Copyright 2024, Alejandro Colomar <alx@kernel.org>
+.\"
+.\" SPDX-License-Identifier: Linux-man-pages-copyleft
+.\"
+.TH KEYCTL_GET_SECURITY 2const (date) "Linux man-pages (unreleased)"
+.SH NAME
+KEYCTL_GET_SECURITY
+\-
+manipulate the kernel's key management facility
+.SH LIBRARY
+Standard C library
+.RI ( libc ,\~ \-lc )
+.SH SYNOPSIS
+.nf
+.BR "#include <linux/keyctl.h>" " /* Definition of " KEY* " constants */"
+.BR "#include <sys/syscall.h>" " /* Definition of " SYS_* " constants */"
+.B #include <unistd.h>
+.P
+.BI "long syscall(SYS_keyctl, KEYCTL_GET_SECURITY, unsigned long " arg2 ,
+.BI " unsigned long " arg3 ", unsigned long " arg4 ,
+.BI " unsigned long " arg5 );
+.fi
+.SH DESCRIPTION
+.TP
+.BR KEYCTL_GET_SECURITY " (since Linux 2.6.26)"
+.\" commit 70a5bb72b55e82fbfbf1e22cae6975fac58a1e2d
+Get the LSM (Linux Security Module) security label of the specified key.
+.IP
+The ID of the key whose security label is to be fetched is specified in
+.I arg2
+(cast to
+.IR key_serial_t ).
+The security label (terminated by a null byte)
+will be placed in the buffer pointed to by
+.I arg3
+argument (cast to
+.IR "char\ *" );
+the size of the buffer must be provided in
+.I arg4
+(cast to
+.IR size_t ).
+.IP
+If
+.I arg3
+is specified as NULL or the buffer size specified in
+.I arg4
+is too small, the full size of the security label string
+(including the terminating null byte)
+is returned as the function result,
+and nothing is copied to the buffer.
+.IP
+The caller must have
+.I view
+permission on the specified key.
+.IP
+The returned security label string will be rendered in a form appropriate
+to the LSM in force.
+For example, with SELinux, it may look like:
+.IP
+.in +4n
+.EX
+unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
+.EE
+.in
+.IP
+If no LSM is currently in force,
+then an empty string is placed in the buffer.
+.IP
+The
+.I arg5
+argument is ignored.
+.IP
+This operation is exposed by
+.I libkeyutils
+via the functions
+.BR keyctl_get_security (3)
+and
+.BR keyctl_get_security_alloc (3).
+.SH RETURN VALUE
+.TP
+.B KEYCTL_GET_SECURITY
+The size of the LSM security label string
+(including the terminating null byte),
+irrespective of the provided buffer size.
+.P
+On error, \-1 is returned, and
+.I errno
+is set to indicate the error.
+.SH VERSIONS
+A wrapper is provided in the
+.I libkeyutils
+library:
+.BR keyctl_get_security (3).
+.SH STANDARDS
+Linux.
+.SH HISTORY
+Linux 2.6.26.
+.SH SEE ALSO
+.BR keyctl (2),
+.BR keyctl_get_security (3),
+.BR keyctl_get_security_alloc (3) |
