Lines Matching refs:keyring
10 other keys. Processes each have three standard keyring subscriptions that a
79 actual "key". In the case of a keyring, this is a list of keys to which
80 the keyring links; in the case of a user-defined key, it's an arbitrary
128 (+) "keyring"
152 (*) Each process subscribes to three keyrings: a thread-specific keyring, a
153 process-specific keyring, and a session-specific keyring.
155 The thread-specific keyring is discarded from the child when any sort of
156 clone, fork, vfork or execve occurs. A new keyring is created only when
159 The process-specific keyring is replaced with an empty one in the child on
161 shared. execve also discards the process's process keyring and creates a
164 The session-specific keyring is persistent across clone, fork, vfork and
166 process can, however, replace its current session keyring with a new one
170 The ownership of the thread keyring changes when the real UID and GID of
174 specific keyring and a default user session keyring. The default session
175 keyring is initialised with a link to the user-specific keyring.
194 If a system call that modifies a key or keyring in some way would put the
220 This permits a key or keyring's attributes to be viewed - including key
225 This permits a key's payload to be viewed or a keyring's list of linked
231 link to be added to or removed from a keyring.
240 This permits a key or keyring to be linked to. To create a link from a
241 keyring to a key, a process must have Write permission on the keyring and
307 00000001 I----- 39 perm 1f3f0000 0 0 keyring _uid_ses.0: 1/4
308 00000002 I----- 2 perm 1f3f0000 0 0 keyring _uid.0: empty
309 00000007 I----- 1 perm 1f3f0000 0 0 keyring _pid.1: empty
310 0000018d I----- 1 perm 1f3f0000 0 0 keyring _pid.412: empty
311 000004d2 I--Q-- 1 perm 1f3f0000 32 -1 keyring _uid.32: 1/4
312 000004d3 I--Q-- 3 perm 1f3f0000 32 -1 keyring _uid_ses.32: empty
382 KEY_SPEC_THREAD_KEYRING -1 thread-specific keyring
383 KEY_SPEC_PROCESS_KEYRING -2 process-specific keyring
384 KEY_SPEC_SESSION_KEYRING -3 session-specific keyring
385 KEY_SPEC_USER_KEYRING -4 UID-specific keyring
386 KEY_SPEC_USER_SESSION_KEYRING -5 UID-session keyring
387 KEY_SPEC_GROUP_KEYRING -6 GID-specific keyring
395 nominated keyring:
399 key_serial_t keyring);
402 in the keyring, this will try to update it with the given payload, or it
410 to the keyring. In this case, an error will be generated if the process
411 does not have permission to write to the keyring.
421 A new keyring can be generated by setting type "keyring", the keyring name
445 a keyring.
462 if necessary) and the ID of the key or keyring thus found is returned if
469 (*) Replace the session keyring this process subscribes to with a new one:
473 If name is NULL, an anonymous keyring is created attached to the process
474 as its session keyring, displacing the old session keyring.
476 If name is not NULL, if a keyring of that name exists, the process
477 attempts to attach it as the session keyring, returning an error if that
478 is not permitted; otherwise a new keyring of that name is created and
479 attached as the session keyring.
481 To attach to a named keyring, the keyring must have search permission for
484 The ID of the new session keyring is returned if successful.
563 (*) Clear out a keyring:
565 long keyctl(KEYCTL_CLEAR, key_serial_t keyring);
567 This function clears the list of keys attached to a keyring. The calling
568 process must have write permission on the keyring, and it must be a
569 keyring (or else error ENOTDIR will result).
573 DNS resolver cache keyring is an example of this.
576 (*) Link a key into a keyring:
578 long keyctl(KEYCTL_LINK, key_serial_t keyring, key_serial_t key);
580 This function creates a link from the keyring to the key. The process must
581 have write permission on the keyring and must have link permission on the
584 Should the keyring not be a keyring, error ENOTDIR will result; and if the
585 keyring is full, error ENFILE will result.
590 Any links within the keyring to keys that match the new key in terms of
591 type and description will be discarded from the keyring as the new one is
595 (*) Unlink a key or keyring from another keyring:
597 long keyctl(KEYCTL_UNLINK, key_serial_t keyring, key_serial_t key);
599 This function looks through the keyring for the first link to the
601 ignored. The process must have write permission on the keyring.
603 If the keyring is not a keyring, error ENOTDIR will result; and if the key
607 (*) Search a keyring tree for a key:
609 key_serial_t keyctl(KEYCTL_SEARCH, key_serial_t keyring,
613 This searches the keyring tree headed by the specified keyring until a key
614 is found that matches the type and description criteria. Each keyring is
617 The process must have search permission on the top level keyring, or else
620 a process has search permission can be matched. If the specified keyring
621 is not a keyring, ENOTDIR will result.
624 into the destination keyring if one is supplied (non-zero ID). All the
633 long keyctl(KEYCTL_READ, key_serial_t keyring, char *buffer,
641 instance, a keyring will return an array of key_serial_t entries
657 key_serial_t keyring);
660 key_serial_t keyring);
670 If a keyring is specified (non-zero), the key will also be linked into
671 that keyring, however all the constraints applying in KEYCTL_LINK apply in
683 unsigned timeout, key_serial_t keyring);
685 unsigned timeout, unsigned error, key_serial_t keyring);
694 If a keyring is specified (non-zero), the key will also be linked into
695 that keyring, however all the constraints applying in KEYCTL_LINK apply in
703 (*) Set the default request-key destination keyring.
707 This sets the default keyring to which implicitly requested keys will be
714 KEY_REQKEY_DEFL_THREAD_KEYRING 1 Thread keyring
715 KEY_REQKEY_DEFL_PROCESS_KEYRING 2 Process keyring
716 KEY_REQKEY_DEFL_SESSION_KEYRING 3 Session keyring
717 KEY_REQKEY_DEFL_USER_KEYRING 4 User keyring
718 KEY_REQKEY_DEFL_USER_SESSION_KEYRING 5 User session keyring
719 KEY_REQKEY_DEFL_GROUP_KEYRING 6 Group keyring
724 The default keyring can be overridden by the keyring indicated to the
729 [1] The default is: the thread keyring if there is one, otherwise
730 the process keyring if there is one, otherwise the session keyring if
731 there is one, otherwise the user default session keyring.
790 (*) Install the calling process's session keyring on its parent.
794 This function attempts to install the calling process's session keyring
796 keyring.
799 keyring must have the same ownership as the calling process, the calling
800 process must have LINK permission on the keyring and the active LSM module
806 The keyring will be replaced next time the parent process leaves the
888 This is used to request a key or keyring with a description that matches
898 If successful, the key will have been attached to the default keyring for
982 (*) If a keyring was found in the search, this can be further searched by:
988 This searches the keyring tree specified for a matching key. Error ENOKEY
992 The possession attribute from the keyring reference is used to control
997 (*) A keyring can be created by:
1005 This creates a keyring with the given attributes and returns it. If dest
1006 is not NULL, the new keyring will be linked into the keyring to which it
1007 points. No permission checks are made upon the destination keyring.
1009 Error EDQUOT can be returned if the keyring would overload the quota (pass
1010 KEY_ALLOC_NOT_IN_QUOTA in flags if the keyring shouldn't be accounted
1038 The facility provides access to the keyring type for managing such a bundle:
1043 keyring in a process's keyrings. A keyring thus found can then be searched
1045 search a specific keyring, so using keyrings in this way is of limited utility.
1250 keys in the keyring until one is matched. This must be used for any
1403 be marked as being negative, it will be added to the session keyring, and an