diff --git a/man2/keyctl.2 b/man2/keyctl.2 index e4ce74c52..5eb77fbf5 100644 --- a/man2/keyctl.2 +++ b/man2/keyctl.2 @@ -49,7 +49,7 @@ Map a special key ID to a real key ID for this process. This operation looks up the special key whose ID is provided in .I arg2 -(which is cast as +(cast to .IR key_serial_t ) and (if it is found) the ID of corresponding real key is returned @@ -57,7 +57,7 @@ If the key specified in .I arg2 does not exist, then a new key is created if the .I arg3 -argument (cast as an +argument (cast to .IR int ) contains a non-zero value; otherwise the operation fails with the error .BR ENOKEY . @@ -90,7 +90,7 @@ displacing the previous session keyring. Otherwise, .I arg2 -(cast as +(cast to .IR "char\ *" ) is treated as the description (name) of a keyring, and the behavior is as follows: @@ -128,16 +128,16 @@ Update a key's data payload. The .I arg2 -argument (cast as +argument (cast to .IR key_serial_t ) specifies the ID of the key to be updated. The .I arg3 -argument (cast as +argument (cast to .IR "void\ *" ) points to the new payload and .I arg4 -(cast as +(cast to .IR size_t ) contains the new payload size in bytes. @@ -160,7 +160,7 @@ via the function .B KEYCTL_REVOKE Revoke the key with the ID provided in .I arg2 -(cast as +(cast to .IR key_serial_t ). The caller must have @@ -185,20 +185,20 @@ via the function .BR keyctl_revoke (3). .TP .B KEYCTL_CHOWN -Set the ownership of a key. +Change the ownership of a key. The .I arg2 -argument (converted to +argument (cast to .IR key_serial_t ) contains the key ID. The .I arg3 -argument (converted to +argument (cast to .IR uid_t ) contains the new user ID (or \-1 in case the user ID shouldn't be changed). The .I arg4 -argument (converted to +argument (cast to .IR gid_t ) contains the new group ID (or \-1 in case the group ID shouldn't be changed). The key must grant the caller @@ -226,11 +226,11 @@ via the function .B KEYCTL_SETPERM Change the permissions of the key with the ID provided in the .I arg2 -argument (converted to +argument (cast to .IR key_serial_t ) to the permissions provided in the .I arg3 -argument (converted to +argument (cast to .IR key_perms_t ). The key must grant .I setattr @@ -305,7 +305,7 @@ via the function Describe a key. The ID of the key to be described should be provided in the .I arg2 -argument (converted to +argument (cast to .IR key_serial_t ). The .I arg3 @@ -342,7 +342,7 @@ via the function .B KEYCTL_CLEAR Clear the contents of the keyring with the ID provided in the .I arg2 -argument (converted to +argument (cast to .IR key_serial_t ). The caller must have @@ -364,11 +364,11 @@ via the function .B KEYCTL_LINK Link a key (provided in the .I arg2 -argument converted to +argument cast to .I key_serial_t type) to a keyring (provided in the .I arg3 -argument converted to +argument cast to .I key_serial_t type) of there is no matching key in the keyring, or replace the link to the matching key with a link to the new key. @@ -393,11 +393,11 @@ via the function .B KEYCTL_UNLINK Unlink a key (provided in the .I arg2 -argument converted to +argument cast to .I key_serial_t type) from a keyring (provided in the .I arg3 -argument converted to +argument cast to .I key_serial_t type). @@ -422,9 +422,8 @@ via the function .B KEYCTL_SEARCH Search for a key in a keyring with the ID provided in the .I arg2 -argument (converted to -.I key_serial_t -type). +argument (cast to +.IR key_serial_t ). The .I arg3 argument should be a @@ -448,9 +447,9 @@ permission can be found. If the .I arg5 -argument (converted to -.I key_serial_t -type) contains a non-zero value, it is interpreted as a keyring ID to which +argument (cast to +.IR key_serial_t ) +contains a non-zero value, it is interpreted as a keyring ID to which the found key should be linked. This operation is exposed by @@ -461,19 +460,16 @@ via the function .B KEYCTL_READ Read the payload of the key whose ID is provided in the .I arg2 -argument (converted to -.I key_serial_t -type). +argument (cast to +.IR key_serial_t ). The payload is placed in the buffer pointed by the .I arg3 -argument (converted to -.I char * -type); +argument (cast to +.IR "char\ *" ); the size of that buffer must be provided in the .I arg4 -argument (converted to kernel's -.I size_t -type). +argument (cast to +.IR size_t ). The key must either grant the caller .I read permission, or it must grant the caller @@ -492,22 +488,20 @@ via the function .B KEYCTL_INSTANTIATE Instantiate a partially constructed key whose ID is provided in the .I arg2 -argument (converted to -.I key_serial_t -type) with a payload pointed by the +argument (cast to +.IR key_serial_t ) +with a payload pointed by the .I arg3 -argument (converted to -.I char * -type) of size provided in the +argument (cast to +.IR "char\ *") +of size provided in the .I arg4 -argument (converted to kernel's -.I size_t -type). +argument (cast to +.IR size_t ). The instantiated key will be linked to the keyring ID which is provided in the .I arg5 -argument (converted to -.I key_serial_t -type). +argument (cast to +.IR key_serial_t ). The caller must have the appropriate instantiation permit set (auth key). This operation is exposed by @@ -518,18 +512,16 @@ via the function .B KEYCTL_NEGATE Negatively instantiate a partially constructed key with the ID provided in the .I arg2 -argument (converted to -.I key_serial_t -type), setting the timeout (in seconds) to the value provided in the +argument (cast to +.IR key_serial_t ), +setting the timeout (in seconds) to the value provided in the .I arg3 -argument (converted to -.I unsigned int -type). +argument (cast to +.IR "unsigned int" ). The instantiated key will be linked to the keyring ID which is provided in the .I arg4 -argument (converted to -.I key_serial_t -type). +argument (cast to +.IR key_serial_t ). The caller must have the appropriate instantiation permit set (authorization key, see @@ -561,9 +553,9 @@ Read or set the default keyring in which will cache keys. The .I arg2 -argument (converted to -.I int -type) should contain one of the following values, defined in +argument (cast to +.IR int ) +should contain one of the following values, defined in .IR : .RS .TP 33 @@ -612,13 +604,12 @@ via the function Set timeout on a key. ID of a key provided in the .I arg2 -argument (converted to -.I key_serial_t -type), timeout value (in seconds from current time) provided in the +argument (cast to +.IR key_serial_t ), +timeout value (in seconds from current time) provided in the .I arg3 -argument (converted to -.I unsigned int -type). +argument (cast to +.IR "unsigned int" ). The caller must either have the .I setattr @@ -643,9 +634,8 @@ via the function Assume (or clear) the authority for the key instantiation. The ID of the authorization key provided in the .I arg2 -argument (converted to -.I key_serial_t -type). +argument (cast to +.IR key_serial_t ). The caller must have the instantiation key in their process keyrings with a @@ -672,18 +662,16 @@ via the function Get the LSM security label of the specified key. The ID of the key should be provided in the .I arg2 -argument (converted to -.I key_serial_t -type). +argument (cast to +.IR key_serial_t ). The buffer where the security label should be stored is provided in the .I arg3 -argument (converted to -.I char * -type) with its size provided in the +argument (cast to +.IR "char\ *" ) +with its size provided in the .I arg4 -argument (converted to kernel's -.I size_t -type). +argument (cast to +.IR size_t ). The .I arg5 @@ -725,22 +713,20 @@ via the function .BR KEYCTL_REJECT " (since Linux 2.6.39)" Negatively instantiate a partially constructed key with the ID provided in the .I arg2 -argument (converted to -.I key_serial_t -type), setting timeout (in seconds) to the value provided in the +argument (cast to +.IR key_serial_t ), +setting timeout (in seconds) to the value provided in the .I arg3 -argument (converted to -.I unsigned int -type) and instantiation error to the value provided in the +argument (cast to +.IR "unsigned int" ) +and instantiation error to the value provided in the .I arg4 -argument (converted to -.I unsigned int -type). +argument (cast to +.IR "unsigned int" ). The instantiated key will be linked to the keyring ID which is provided in the .I arg5 -argument (converted to -.I key_serial_t -type). +argument (cast to +.IR key_serial_t ). The caller must have the appropriate instantiation permit set (authorization key, see @@ -793,9 +779,8 @@ via the function .BR KEYCTL_INVALIDATE " (since Linux 3.5)" Invalidate a key with the ID provided in the .I arg2 -argument (converted to -.I key_serial_t -type). +argument (cast to +.IR key_serial_t ). The caller must have .I search @@ -819,13 +804,12 @@ via the function .BR KEYCTL_GET_PERSISTENT " (since Linux 3.13)" Get the persistent keyring of the user specified in the .I arg2 -(converted to -.I uid_t -type) and link it to the keyring with the ID provided in the +(cast to +.IR uid_t ) +and link it to the keyring with the ID provided in the .I arg3 -argument (converted to -.I key_serial_t -type). +argument (cast to +.IR key_serial_t ). If \-1 is provided as UID, current user's ID is used. The arguments @@ -868,13 +852,12 @@ The result is calculated as The .I arg3 -argument (converted to -.I char * -type) should point to an output buffer whose size is passed in the +argument (cast to +.IR "char\ *" ) +should point to an output buffer whose size is passed in the .I arg4 -argument (converted to kernel's -.I size_t -type). +argument (cast to +.IR size_t ). The buffer should be big enough in order to accommodate the output data, otherwise an error is returned. A NULL pointer can be provided as buffer in order