keyctl.2: Remove FIXMEs/update details after conversation with David Howells

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2016-11-02 23:39:37 +01:00
parent 152d5aab8a
commit 38590ae0ff
1 changed files with 28 additions and 24 deletions

@ -91,41 +91,38 @@ See
This specifies the caller's session-specific keyring. This specifies the caller's session-specific keyring.
See See
.BR session-keyring (7). .BR session-keyring (7).
.\" FIXME What is the lifetime of the session keyring?
.TP .TP
.B KEY_SPEC_USER_KEYRING .B KEY_SPEC_USER_KEYRING
This specifies the caller's UID-specific keyring. This specifies the caller's UID-specific keyring.
See See
.BR user-keyring (7). .BR user-keyring (7).
.\" FIXME What is the lifetime of the user keyring?
.TP .TP
.B KEY_SPEC_USER_SESSION_KEYRING .B KEY_SPEC_USER_SESSION_KEYRING
This specifies the caller's UID-session keyring. This specifies the caller's UID-session keyring.
.\" FIXME What is the lifetime of the UID-session keyring?
See See
.BR user-session-keyring (7). .BR user-session-keyring (7).
.\" FIXME What is the UID-session keyring vis-a-vis the session keyring?
.\" In other words, why do they both exist?
.TP .TP
.BR KEY_SPEC_REQKEY_AUTH_KEY " (since Linux 2.6.16)" .BR KEY_SPEC_REQKEY_AUTH_KEY " (since Linux 2.6.16)"
.\" commit b5f545c880a2a47947ba2118b2509644ab7a2969 .\" commit b5f545c880a2a47947ba2118b2509644ab7a2969
This specifies the authorization key created by This specifies the authorization key created by
.BR request_key (2) .BR request_key (2)
and passed to the process it spawns to generate a key. and passed to the process it spawns to generate a key.
.\" FIXME This key is available only in a
.\" Presumably, KEY_SPEC_REQKEY_AUTH_KEY can be used only in a .BR request-key (8)-style
.\" request-key(8)-style that was kicked off by the kernel in response to program that was passed an authorization key by the kernel and
.\" a request_key(2)? Is that correct? ceases to be available once the requested key has been instantiated; see
.BR request_key (2).
.TP .TP
.BR KEY_SPEC_REQUESTOR_KEYRING " (since Linux 2.6.29)" .BR KEY_SPEC_REQUESTOR_KEYRING " (since Linux 2.6.29)"
.\" commit 8bbf4976b59fc9fc2861e79cab7beb3f6d647640 .\" commit 8bbf4976b59fc9fc2861e79cab7beb3f6d647640
This specifies the key ID for the This specifies the key ID for the
.BR request_key (2) .BR request_key (2)
destination keyring. destination keyring.
.\" FIXME This keyring is available only in a
.\" Presumably, KEY_SPEC_REQUESTOR_KEYRING can be used only in a .BR request-key (8)-style
.\" request-key(8)-style that was kicked off by the kernel in response to program that was passed an authorization key by the kernel and
.\" a request_key(2)? Is that correct? ceases to be available once the requested key has been instantiated; see
.BR request_key (2).
.RE .RE
.IP .IP
If the key specified in If the key specified in
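Review bot: In the new text for KEY_SPEC_REQKEY_AUTH_KEY and KEY_SPEC_REQUESTOR_KEYRING, "once the requested key has been instantiated" is ambiguous, because KEYCTL_INSTANTIATE later on this page is described as "(Positively) instantiate". Say explicitly whether negative instantiation also ends availability of these two special IDs. Separately, the lifetime FIXMEs for the session, user and UID-session keyrings are removed with no replacement text here; if the answers now live in session-keyring(7), user-keyring(7) and user-session-keyring(7), the commit message should say so.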
@ -815,7 +812,6 @@ via the function
.BR keyctl_read (3). .BR keyctl_read (3).
.TP .TP
.BR KEYCTL_INSTANTIATE " (since Linux 2.6.11)" .BR KEYCTL_INSTANTIATE " (since Linux 2.6.11)"
.\" FIXME I added the word "(Positively)" in the next sentence. Okay?
(Positively) instantiate an uninstantiated key with a specified payload. (Positively) instantiate an uninstantiated key with a specified payload.
.\" FIXME Is the only use for KEYCTL_INSTANTIATE inside a .\" FIXME Is the only use for KEYCTL_INSTANTIATE inside a
.\" request-keys(8)-style program? .\" request-keys(8)-style program?
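Review bot: The FIXME left in place under KEYCTL_INSTANTIATE still says "request-keys(8)-style program", while the text added earlier in this patch uses "request-key (8)-style". Correct the name in the comment while touching this entry, or resolve the FIXME if the conversation this commit refers to covered it.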
@ -835,9 +831,7 @@ the size of that buffer is specified in
.IR size_t ). .IR size_t ).
The payload may be a NULL pointer and the buffer size may be 0 The payload may be a NULL pointer and the buffer size may be 0
if this is supported by the key type. if this is supported by the key type (e.g., it is a keyring).
.\" FIXME Above, what is an example of a key type that supports a
.\" a NULL payload plus buffer size of zero? Keyrings?
The operation may be fail if the payload data is in the wrong format The operation may be fail if the payload data is in the wrong format
or is otherwise invalid. or is otherwise invalid.
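Review bot: The context line directly after the changed sentence reads "The operation may be fail if the payload data is in the wrong format"; "may be fail" should be "may fail" and is worth fixing in the same edit. In the added parenthetical, "(e.g., it is a keyring)" has an unclear "it"; "(e.g., the key is a keyring)" reads better.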
@ -901,8 +895,9 @@ to specify the new default keyring:
.RS .RS
.TP .TP
.BR KEY_REQKEY_DEFL_NO_CHANGE .BR KEY_REQKEY_DEFL_NO_CHANGE
No change. Don't change the default keyring.
.\" FIXME: What is the purpose of KEY_REQKEY_DEFL_NO_CHANGE? This option is useful, since the call returns the current default keyring
(without changing it).
.TP .TP
.BR KEY_REQKEY_DEFL_DEFAULT .BR KEY_REQKEY_DEFL_DEFAULT
This selects the default behaviour, This selects the default behaviour,
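Review bot: Under KEY_REQKEY_DEFL_NO_CHANGE, "the call returns the current default keyring" can be read as returning a keyring ID. If the return value is one of the KEY_REQKEY_DEFL_* values listed in this section, say that instead. "This option is useful, since" is also loose; something like "This can be used to discover the current default" states the purpose directly.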
@ -968,9 +963,6 @@ via the function
.BR keyctl_set_reqkey_keyring (3). .BR keyctl_set_reqkey_keyring (3).
.TP .TP
.BR KEYCTL_SET_TIMEOUT " (since Linux 2.6.16)" .BR KEYCTL_SET_TIMEOUT " (since Linux 2.6.16)"
.\" FIXME Against which clock is the timeout measured?
.\" (It looks to be the REALTIME clock; was there a particular reason to
.\" choose the REALTIME clock over the MONOTONIC clock?)
Set a timeout on a key. Set a timeout on a key.
.\" FIXME Other than looking in /proc/keys, is there any way of .\" FIXME Other than looking in /proc/keys, is there any way of
.\" discovering the timeout on a key? .\" discovering the timeout on a key?
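Review bot: The FIXME kept under KEYCTL_SET_TIMEOUT ("Other than looking in /proc/keys, is there any way of discovering the timeout on a key?") is answered by the text added in the next hunk, which states that /proc/keys is the only method. Remove this FIXME in the same commit so the source does not carry a question that the rendered text already answers.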
@ -984,9 +976,15 @@ is specified in
.I arg3 .I arg3
(cast to (cast to
.IR "unsigned int" ). .IR "unsigned int" ).
The timeout is measured against the realtime clock.
Specifying the timeout value as 0 clears any existing timeout on the key. Specifying the timeout value as 0 clears any existing timeout on the key.
The
.I /proc/keys
file displays the remaining time until each key will expire.
(This is the only method of discovering the timeout on a key.)
The caller must either have the The caller must either have the
.I setattr .I setattr
permission on the key permission on the key
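Review bot: "The timeout is measured against the realtime clock." states the clock but not the consequence, and the removed FIXME's question about why realtime was chosen over monotonic is not answered. Consider naming the clock as CLOCK_REALTIME and adding a sentence on whether changes to the system time shift when a key expires, since that matters to anyone relying on the timeout to bound a credential's lifetime. The parenthetical "(This is the only method of discovering the timeout on a key.)" would read better as a plain sentence.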
@ -1138,7 +1136,9 @@ Replace the session keyring to which the
.I parent .I parent
of the calling process of the calling process
subscribes with the session keyring of the calling process. subscribes with the session keyring of the calling process.
.\" FIXME What is the use case for KEYCTL_SESSION_TO_PARENT? .\" What is the use case for KEYCTL_SESSION_TO_PARENT?
.\" David Howells: the Process Authentication Groups people requested this,
.\" but then didn't use it; maybe there are no users.
The keyring will be replaced in the parent process at the point The keyring will be replaced in the parent process at the point
where the parent next transitions from kernel space to user space. where the parent next transitions from kernel space to user space.
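Review bot: For KEYCTL_SESSION_TO_PARENT, the answer is recorded only in a roff comment, so the rendered page still gives no use case for an operation that changes another process's session keyring. Either add a short sentence to the visible text or keep the comment but turn the leftover question line ("What is the use case for KEYCTL_SESSION_TO_PARENT?") into a statement, since without the FIXME tag it will no longer be found by a search for open items.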
@ -1555,7 +1555,7 @@ is
and the requested link would cause the maximum nesting depth and the requested link would cause the maximum nesting depth
for keyrings to be exceeded. for keyrings to be exceeded.
.TP .TP
.B ENFILE .BR ENFILE " (Linux kernels before 3.13)"
.\" FIXME Does this error really occur? I could not find where .\" FIXME Does this error really occur? I could not find where
.\" in the kernel source it is generated, but have not tested .\" in the kernel source it is generated, but have not tested
.\" this case from a user-space program .\" this case from a user-space program
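Review bot: The ENFILE tag now says "(Linux kernels before 3.13)", yet the FIXME immediately below it still asks "Does this error really occur?". The two contradict each other. If the commit cited in the next hunk confirms the pre-3.13 behaviour, drop the FIXME here; if it is still unverified, soften the new tag.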
@ -1563,6 +1563,10 @@ for keyrings to be exceeded.
is is
.BR KEYCTL_LINK .BR KEYCTL_LINK
and the keyring is full. and the keyring is full.
(Before Linux 3.13,
.\" commit b2a4df200d570b2c33a57e1ebfa5896e4bc81b69
the available space for storing keyring links was limited to
a single page of memory; since Linux 3.13, there is no fixed limit.)
.TP .TP
.B ENOENT .B ENOENT
.I operation .I operation
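Review bot: The commit-reference comment is placed in the middle of a sentence, between "(Before Linux 3.13," and "the available space for storing keyring links". Elsewhere on this page the commit comments sit directly after the tag line (see KEY_SPEC_REQKEY_AUTH_KEY and KEY_SPEC_REQUESTOR_KEYRING); move this one up next to the ENFILE tag for consistency. The added text also does not say which error, if any, replaces ENFILE when a link cannot be added on 3.13 and later.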