KEYCTL_NEGATE


Marks a key as negatively instantiated and sets the expiration timer on it.

If the kernel calls back to userspace to complete the instantiation of a key, userspace should use this call to mark the key as negative before the invoked process returns if it is unable to fulfil the request.

Arguments

ecx Key serial number.
edx 32-bit value that specifies the lifetime of the key in seconds.
edi Keyring serial number. If it is specified (non-zero), the key will also be linked into this keyring; all the constraints that apply to KEYCTL_LINK apply in this case too.
The destination keyring, if given, is assumed to belong to the initial requester, and not the instantiating process. Therefore, the special keyring IDs refer to the requesting process's keyrings, not the caller's, and the requester's UID, etc. will be used to access them.

Return values

If the system call succeeds the return value is 0.
If the system call fails the return value is one of the following errno values:

-ENOKEY No matching key was found.
-EKEYEXPIRED The keyring specified has expired.
-EKEYREVOKED The keyring specified has been revoked.
-EACCES The key exists, but is not writable by the requester.
-ENOMEM Insufficient memory to store the new payload or to expand the destination keyring.
-EDQUOT The key quota for the key's user would be exceeded by increasing the size of the key to accommodate the new payload or the key quota for the keyring's user would be exceeded by expanding the destination keyring.
-EINVAL The payload data was invalid.

Remarks

Only a key for which authority has been assumed may be instantiated or negatively instantiated, and once instantiated, the authorisation key will be revoked and the requesting process will be able to resume.
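
The fallback path described above, as an added example that is not part of the original page: a request-key helper in C that marks the key negative when it cannot obtain a payload. The argv convention, the 60-second lifetime and fetch_payload() are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/keyctl.h>   /* KEYCTL_NEGATE */

/* Strictly parse a decimal key serial; returns 0 if the text is not one. */
static int32_t parse_serial(const char *s)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno || end == s || *end != '\0' || v <= 0 || v > INT32_MAX)
        return 0;
    return (int32_t)v;
}

/* KEYCTL_NEGATE wrapper: 0 on success, otherwise a negative errno value. */
static int negate_key(int32_t key, uint32_t timeout, int32_t dest_keyring)
{
    long rc = syscall(SYS_keyctl, (long)KEYCTL_NEGATE, (long)key,
                      (unsigned long)timeout, (long)dest_keyring);
    return rc == -1 ? -errno : 0;
}

/* Hypothetical backend lookup; always fails here to exercise the negate path. */
static int fetch_payload(int32_t key) { (void)key; return -1; }

int main(int argc, char **argv)
{
    /* Assumed convention for this sketch: argv[1] = key serial to instantiate. */
    int32_t key = argc > 1 ? parse_serial(argv[1]) : 0;
    if (key == 0)
        return 2;
    if (fetch_payload(key) == 0)
        return 0;   /* a real helper would instantiate the key here */
    /* Cannot fulfil the request: mark the key negative for 60 s, no link. */
    int rc = negate_key(key, 60, 0);
    if (rc != 0)
        fprintf(stderr, "KEYCTL_NEGATE: %s\n", strerror(-rc));
    return rc == 0 ? 1 : 3;
}
```

Run outside a kernel upcall, negate_key() fails because no authority over the key has been assumed, as the Remarks state.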