keyctl_restrict_keyring - restrict keys that may be linked to a keyring
#include <keyutils.h>
long keyctl_restrict_keyring(key_serial_t keyring,
const char *type, const char *restriction);
keyctl_restrict_keyring() limits the linkage of keys to the given
keyring using a provided key
type and
restriction scheme.
The available options vary depending on the key type, and typically contain a
restriction name possibly followed by key ids or other data relevant to the
restriction. If the type and restriction are both
NULL, the keyring
will reject all links.
On success
keyctl_restrict_keyring() returns
0. On error, the
value
-1 will be returned and
errno will have been set to an
appropriate error.
- EDEADLK
- A restriction cycle was avoided. Two keyrings cannot
restrict each other.
- EEXIST
- The keyring is already restricted.
- EINVAL
- The restriction string is invalid or too large.
- ENOKEY
- The key type in the restriction is invalid or not
available.
- ENOTDIR
- The provided key id references an item that is not a
keyring.
- ENOENT
- The key type exists but does not support restrictions.
This is a library function that can be found in
libkeyutils. When
linking,
-lkeyutils should be specified to the linker.
keyctl(1),
keyctl(2),
keyctl(3),
keyutils(7)