keyctl_capabilities - Query subsystem capabilities
#include <keyutils.h>
long keyctl_capabilities(unsigned char *buffer, size_t buflen);
keyctl_capabilities() queries the keyrings subsystem in the kernel to ask
about its capabilities and fills in the array in the buffer with bits that
indicate the presence or absence of specific features in the keyrings
subsystem.
The function returns the amount of data the kernel has available, irrespective
of the amount of buffer space available. If the buffer is shorter than the
data, a short copy will be made; if the buffer is larger than the data, the
excess space will be cleared.
If this operation is not available in the kernel, the keyutils library will
emulate it as best it can and the capability bit that indicates if the kernel
operation is available will be cleared.
In
buffer[0], the following capabilities exist:
- KEYCTL_CAPS0_CAPABILITIES
- This is set if the kernel supports this operation and
cleared otherwise. If it is cleared, the rest of the flags are
emulated.
- KEYCTL_CAPS0_PERSISTENT_KEYRINGS
- This is set if the kernel supports persistent keyrings and
cleared otherwise. See keyctl_get_persistent(3).
- KEYCTL_CAPS0_DIFFIE_HELLMAN
- This is set if the kernel supports Diffie-Hellman
calculation and cleared otherwise. See
keyctl_dh_compute(3).
- KEYCTL_CAPS0_PUBLIC_KEY
- This is set if the kernel supports public-key operations
and cleared otherwise. See keyctl_pkey_query(3).
- KEYCTL_CAPS0_BIG_KEY
- This is set if the kernel supports the big_key key type and
cleared otherwise.
- KEYCTL_CAPS0_INVALIDATE
- This is set if the kernel supports key invalidation and
cleared otherwise. See keyctl_invalidate(3).
- KEYCTL_CAPS0_RESTRICT_KEYRING
- This is set if the kernel supports restrictions on keyrings
and cleared otherwise. See keyctl_restrict_keyring(3).
- KEYCTL_CAPS0_MOVE
- This is set if the kernel supports the move key operation
and cleared otherwise. See keyctl_move(3).
In
buffer[1], the following capabilities exist:
- KEYCTL_CAPS1_NS_KEYRING_NAME
- This is set if the keyring names are segregated according
to the user-namespace in which a keyring is created.
- KEYCTL_CAPS1_NS_KEY_TAG
- This is set if a key or keyring may get tagged with a
namespace, thereby allowing multiple keys with the same type and
description, but different namespace tags, to coexist within the same
keyring. Tagging may be automatic depending on the key type. Only
network-namespace tagging is currently used.
On success
keyctl_capabilities() returns the size of the data it has
available, irrespective of the size of the buffer. On error, the value
-1 will be returned and
errno will have been set to an
appropriate error.
- EFAULT
- The buffer cannot be written to.
This is a library function that can be found in
libkeyutils. When
linking,
-lkeyutils should be specified to the linker.
keyctl(1),
add_key(2),
keyctl(2),
request_key(2),
keyctl(3),
keyrings(7),
keyutils(7)