mirror of https://github.com/mkerrisk/man-pages
request_key.2: Minor wording fixes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
a2b148c3ef
commit
e2eab9148d
|
@ -21,26 +21,28 @@ request_key \- request a key from the kernel's key management facility
|
||||||
.fi
|
.fi
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
.BR request_key ()
|
.BR request_key ()
|
||||||
asks the kernel to find a key of the given
|
attempts to find a key of the given
|
||||||
.I type
|
.I type
|
||||||
that matches the specified
|
with a description (name) that matches the specified
|
||||||
.I description
|
.I description
|
||||||
and, if successful, to attach it to the nominated
|
and, if successful, attaches it to the nominated
|
||||||
.I keyring
|
.I keyring
|
||||||
and to return its serial number.
|
and returns its serial number.
|
||||||
.P
|
.P
|
||||||
.BR request_key ()
|
.BR request_key ()
|
||||||
first recursively searches all the keyrings attached to the calling process in
|
first recursively searches for a matching key in all of the keyrings
|
||||||
the order thread-specific keyring, process-specific keyring and then session
|
attached to the calling process.
|
||||||
keyring for a matching key.
|
The keyrings are searched in the order: thread-specific keyring,
|
||||||
|
process-specific keyring, and then session keyring.
|
||||||
.P
|
.P
|
||||||
If
|
If
|
||||||
.BR request_key ()
|
.BR request_key ()
|
||||||
is called from a program invoked by
|
is called from a program invoked by
|
||||||
.BR request_key ()
|
.BR request_key ()
|
||||||
on behalf of some other process to generate a key, then the keyrings of that
|
on behalf of some other process to generate a key, then the keyrings of that
|
||||||
other process will be searched next, using that other process's UID, GID,
|
other process will be searched next,
|
||||||
groups, and security context to control access.
|
using that other process's user ID, group ID,
|
||||||
|
supplementary group IDs, and security context to control access.
|
||||||
.P
|
.P
|
||||||
The keys in each keyring searched are checked for a match before any child
|
The keys in each keyring searched are checked for a match before any child
|
||||||
keyrings are recursed into.
|
keyrings are recursed into.
|
||||||
|
@ -52,11 +54,11 @@ keyrings may be searched.
|
||||||
.P
|
.P
|
||||||
If the key is not found, then, if
|
If the key is not found, then, if
|
||||||
.I callout_info
|
.I callout_info
|
||||||
is set, this function will attempt to look further afield.
|
is not NULL, this function will attempt to look further afield.
|
||||||
In such a case, the
|
In such a case, the
|
||||||
.I callout_info
|
.I callout_info
|
||||||
is passed to a user-space service such as
|
is passed to a user-space service such as
|
||||||
.B /sbin/request\-key
|
.I /sbin/request\-key
|
||||||
to generate the key.
|
to generate the key.
|
||||||
.P
|
.P
|
||||||
If that is unsuccessful also, then an error will be returned, and a temporary
|
If that is unsuccessful also, then an error will be returned, and a temporary
|
||||||
|
@ -70,7 +72,7 @@ to fail until it does.
|
||||||
The
|
The
|
||||||
.I keyring
|
.I keyring
|
||||||
serial number may be that of a valid keyring to which the caller has write
|
serial number may be that of a valid keyring to which the caller has write
|
||||||
permission, or it may be a special keyring ID:
|
permission, or it may be one of the following special keyring IDs:
|
||||||
.TP
|
.TP
|
||||||
.B KEY_SPEC_THREAD_KEYRING
|
.B KEY_SPEC_THREAD_KEYRING
|
||||||
This specifies the caller's thread-specific keyring.
|
This specifies the caller's thread-specific keyring.
|
||||||
|
@ -92,11 +94,12 @@ will displace any other key of the same type and description from the
|
||||||
destination
|
destination
|
||||||
.IR keyring .
|
.IR keyring .
|
||||||
.SH RETURN VALUE
|
.SH RETURN VALUE
|
||||||
On success
|
On success,
|
||||||
.BR request_key ()
|
.BR request_key ()
|
||||||
returns the serial number of the key it found.
|
returns the serial number of the key it found.
|
||||||
On error, the value \-1
|
On error, \-1 is returned and
|
||||||
will be returned and errno will have been set to an appropriate error.
|
.I errno
|
||||||
|
is set to indicate the cause of the error.
|
||||||
.SH ERRORS
|
.SH ERRORS
|
||||||
.TP
|
.TP
|
||||||
.B EACCES
|
.B EACCES
|
||||||
|
|
Loading…
Reference in New Issue