mirror of https://github.com/mkerrisk/man-pages
keyctl.2: Simplify KEYCTL_NEGATE details
This operation is just a special case of KEYCTL_REJECT Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk
parent
9f79744c9a
commit
39b91a53ca
|
|
@ -781,31 +781,9 @@ via the function
|
|||
.BR keyctl_instantiate (3).
|
||||
.TP
|
||||
.BR KEYCTL_NEGATE " (since Linux 2.6.11)"
|
||||
Negatively instantiate a partially constructed key with the ID provided in the
|
||||
.I arg2
|
||||
argument (cast to
|
||||
.IR key_serial_t ),
|
||||
setting the timeout (in seconds) to the value provided in the
|
||||
.I arg3
|
||||
argument (cast to
|
||||
.IR "unsigned int" ).
|
||||
The instantiated key will be linked to the keyring ID which is provided in the
|
||||
.I arg4
|
||||
argument (cast to
|
||||
.IR key_serial_t ).
|
||||
Negatively instantiate a partially constructed key.
|
||||
|
||||
The caller must have the appropriate instantiation permit set
|
||||
(authorization key, see
|
||||
.B KEYCTL_ASSUME_AUTHORITY
|
||||
command).
|
||||
|
||||
Negative keys are used to rate limit repeated
|
||||
.BR request_key (2)
|
||||
calls by causing them to fail with the error
|
||||
.B ENOKEY
|
||||
until the negative key expires.
|
||||
|
||||
This is equivalent to the call
|
||||
This operation is equivalent to the call:
|
||||
|
||||
keyctl(KEYCTL_REJECT, arg2, arg3, ENOKEY, arg4);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue