mirror of https://github.com/mkerrisk/man-pages
keyctl.2: Improve KEYCTL_REJECT details
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
39b91a53ca
commit
8ab24543a8
|
@ -960,27 +960,49 @@ via the function
|
||||||
.BR keyctl_session_to_parent (3).
|
.BR keyctl_session_to_parent (3).
|
||||||
.TP
|
.TP
|
||||||
.BR KEYCTL_REJECT " (since Linux 2.6.39)"
|
.BR KEYCTL_REJECT " (since Linux 2.6.39)"
|
||||||
Negatively instantiate a partially constructed key with the ID provided in the
|
.\" commit fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c
|
||||||
|
.\" We need some text here on why it is useful to negatively instantiate a key
|
||||||
|
Mark a key as negatively instantiated and set an expiration timer
|
||||||
|
on the key.
|
||||||
|
This operation provides a superset of the functionality of the earlier
|
||||||
|
.BR KEYCTL_NEGATE
|
||||||
|
operation.
|
||||||
|
|
||||||
|
The ID of the key that is to be negatively instantiated is specified in
|
||||||
.I arg2
|
.I arg2
|
||||||
argument (cast to
|
(cast to
|
||||||
.IR key_serial_t ),
|
.IR key_serial_t ).
|
||||||
setting timeout (in seconds) to the value provided in the
|
The
|
||||||
.I arg3
|
.I arg3
|
||||||
argument (cast to
|
(cast to
|
||||||
.IR "unsigned int" )
|
.IR "unsigned int" )
|
||||||
and instantiation error to the value provided in the
|
argument specifies the lifetime of the key, in seconds.
|
||||||
|
The
|
||||||
.I arg4
|
.I arg4
|
||||||
argument (cast to
|
argument (cast to
|
||||||
.IR "unsigned int" ).
|
.IR "unsigned int" )
|
||||||
The instantiated key will be linked to the keyring ID which is provided in the
|
specifies the error to be returned when a search hits this key;
|
||||||
|
typically, this is one of
|
||||||
|
.BR EKEYREJECTED ,
|
||||||
|
.BR EKEYREVOKED ,
|
||||||
|
or
|
||||||
|
.BR EKEYEXPIRED .
|
||||||
|
|
||||||
|
If
|
||||||
.I arg5
|
.I arg5
|
||||||
argument (cast to
|
(cast to
|
||||||
.IR key_serial_t ).
|
.IR key_serial_t )
|
||||||
|
is nonzero, then, subject to the same constraints and rules as
|
||||||
|
.BR KEYCTL_LINK ,
|
||||||
|
the negatively instantiated key is linked into the keyring
|
||||||
|
whose ID specified in
|
||||||
|
.IR arg5 .
|
||||||
|
|
||||||
The caller must have the appropriate instantiation permit set
|
The caller must have the appropriate instantiation permit set
|
||||||
(authorization key, see
|
(authorization key, see
|
||||||
.B KEYCTL_ASSUME_AUTHORITY
|
.B KEYCTL_ASSUME_AUTHORITY
|
||||||
command).
|
command and
|
||||||
|
.BR request_key (2)).
|
||||||
|
|
||||||
Negative keys are used to rate limit repeated
|
Negative keys are used to rate limit repeated
|
||||||
.BR request_key (2)
|
.BR request_key (2)
|
||||||
|
|
Loading…
Reference in New Issue