add_key.2: Document the "logon" key type

Information drawn from the kernel source and the info in kernel commit 9f6ed2ca257fa8650b876377833e6f14e272848b. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-10-21 12:13:15 +02:00 · 2016-10-21 12:13:15 +02:00 · 2c0a219bf6
parent 59c3c2df0c
commit 2c0a219bf6
1 changed files with 25 additions and 0 deletions
--- a/man2/add_key.2
+++ b/man2/add_key.2
@ -96,6 +96,22 @@ If this interface is used to create a keyring, then a NULL
 should be specified, and
 .I plen
 should be zero.
+.TP
+.IR """logon""" " (since Linux 3.3)"
+.\" commit 9f6ed2ca257fa8650b876377833e6f14e272848b
+This key type is essentially the same as
+.IR """user""" ,
+but does not provide a read operation,
+meaning that the key payload is never visible from user space.
+This is suitable for storing username and password pairs in the keyring
+that you do not want to be readable from user space.
+
+This key type also vets the
+.I description
+to ensure that it is qualified by a "service" prefix,
+by checking to ensure that the
+.I description
+contains a ':' that is preceded by other characters.
 .SH RETURN VALUE
 On success,
 .BR add_key ()
@ -111,6 +127,15 @@ The keyring wasn't available for modification by the user.
 .B EINVAL
 The payload data was invalid.
 .TP
+.B EINVAL
+.IR type
+was
+.IR """logon"""
+and the
+.I description
+was not qualified with a prefix string of the form
+.IR """service:""" .
+.TP
 .B EKEYEXPIRED
 The keyring has expired.
 .TP