From 7b4861d9249f2bdfbda2f2eb5697f2cd71bd2272 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Thu, 3 Nov 2016 21:41:37 +0100 Subject: [PATCH] keyctl.2: Tweaks after discussions with David Howells Signed-off-by: Michael Kerrisk --- man2/keyctl.2 | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/man2/keyctl.2 b/man2/keyctl.2 index b3310b95b..2978499a0 100644 --- a/man2/keyctl.2 +++ b/man2/keyctl.2 @@ -241,11 +241,11 @@ Revoke the key with the ID provided in .I arg2 (cast to .IR key_serial_t ). -The key will no longer be findable, -and it will be unavailable for further operations. +The key is scheduled for garbage collection; +it will no longer be findable, +and will be unavailable for further operations. Further attempts to use the key will fail with the error .BR EKEYREVOKED . -.\" FIXME Does a revoked key get garbage collected? The caller must have .IR write @@ -1282,7 +1282,6 @@ via the function .BR KEYCTL_INVALIDATE " (since Linux 3.5)" .\" commit fd75815f727f157a05f4c96b5294a4617c0557da Mark a key as invalid. -.\" FIXME What is the difference between revoking a key and invalidating a key? The ID of the key to be invalidated is specified in .I arg2 @@ -1295,8 +1294,8 @@ the caller must have permission on the key. .\" CAP_SYS_ADMIN is permitted to invalidate certain special keys -This operation immediately marks the key as invalid -and schedules garbage collection. +This operation marks the key as invalid +and schedules immediate garbage collection. The garbage collector removes the invalidated key from all keyrings and deletes the key when its reference count reaches zero. After this operation,
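Review bot: In the KEYCTL_REVOKE hunk (@@ -241,11 +241,11 @@), "The key is scheduled for garbage collection;" gives no timing, while the KEYCTL_INVALIDATE text later in this patch says "schedules immediate garbage collection". State here whether collection of a revoked key is deferred and for how long. The next sentence promises that further use fails with EKEYREVOKED, and a reader needs to know whether that error is still what they get once the key has been collected.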
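Review bot: In the hunk at @@ -1282,7 +1282,6 @@, the FIXME asking what distinguishes revoking a key from invalidating it is deleted, but no added line answers it. The distinction is left to be inferred from "scheduled for garbage collection" versus "schedules immediate garbage collection" in two sections roughly a thousand lines apart. Add a sentence after "Mark a key as invalid." that states the contrast with KEYCTL_REVOKE directly.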
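Review bot: In the last hunk (@@ -1295,8 +1294,8 @@), "schedules immediate garbage collection" can be read as immediate deletion, yet the following context line says the collector "deletes the key when its reference count reaches zero". Wording such as "schedules the garbage collector to run immediately" would keep the two sentences consistent. With "immediately" moved off "marks the key as invalid", the text also no longer says that the invalid marking itself takes effect at once; keep that statement if it still holds.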