KEYCTL_GET_SECURITY(2const) KEYCTL_GET_SECURITY(2const)

KEYCTL_GET_SECURITY - manipulate the kernel's key management facility

Standard C library (libc-lc)

#include <linux/keyctl.h>  /* Definition of KEY* constants */
#include <sys/syscall.h>   /* Definition of SYS_* constants */
#include <unistd.h>
long syscall(SYS_keyctl, KEYCTL_GET_SECURITY, key_serial_t key,
             char buf[_Nullable .n], size_t n);

Get the LSM (Linux Security Module) security label of the specified key.

The ID of the key whose security label is to be fetched is specified in key. The security label (terminated by a null byte) will be placed in the buffer pointed to by buf argument; the size of the buffer must be provided in n.

If buf is specified as NULL or the buffer size specified in n is too small, the full size of the security label string (including the terminating null byte) is returned as the function result, and nothing is copied to the buffer.

The caller must have view permission on the specified key.

The returned security label string will be rendered in a form appropriate to the LSM in force. For example, with SELinux, it may look like:


unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

If no LSM is currently in force, then an empty string is placed in the buffer.

On success, the size of the LSM security label string (including the terminating null byte), irrespective of the provided buffer size.

On error, -1 is returned, and errno is set to indicate the error.

A wrapper is provided in the libkeyutils library: keyctl_get_security(3).

Linux.

Linux 2.6.26.

keyctl(2), keyctl_get_security(3), keyctl_get_security_alloc(3)

2024-08-21 Linux man-pages 6.10