KEYCTL_REVOKE


Marks a key as being revoked. After this operation has been performed on a key, attempts to access it will meet with error -EKEYREVOKED.

Arguments

ecx Key serial number. It may be one of the following special values:

KEY_SPEC_THREAD_KEYRING Caller's thread-specific keyring.
KEY_SPEC_PROCESS_KEYRING Caller's process-specific keyring.
KEY_SPEC_SESSION_KEYRING Caller's session-specific keyring.
KEY_SPEC_USER_KEYRING Caller's UID-specific keyring.
KEY_SPEC_USER_SESSION_KEYRING Caller's UID-session keyring.
KEY_SPEC_GROUP_KEYRING Caller's GID-specific keyring.
KEY_SPEC_REQKEY_AUTH_KEY This specifies the authorization key created by request_key() and passed to the process it spawns to generate a key. If a valid keyring ID is passed in, then this will simply be returned if the key exists; an error will be issued if it doesn't exist.

Return values

If the system call succeeds the return value is 0.
If the system call fails the return value is one of the following errno values:

-ENOKEY No matching key was found.
-EKEYREVOKED The key has already been revoked.
-EACCES The named key exists, but is not writable by the calling process.

Remarks

The caller must have write permission on a key to be able revoke it.