Changes the permissions mask on a key.
Arguments
ecx |
Key serial number. It may be one of the following special values:
KEY_SPEC_THREAD_KEYRING |
Caller's thread-specific keyring. |
KEY_SPEC_PROCESS_KEYRING |
Caller's process-specific keyring. |
KEY_SPEC_SESSION_KEYRING |
Caller's session-specific keyring. |
KEY_SPEC_USER_KEYRING |
Caller's UID-specific keyring. |
KEY_SPEC_USER_SESSION_KEYRING |
Caller's UID-session keyring. |
KEY_SPEC_GROUP_KEYRING |
Caller's GID-specific keyring. |
KEY_SPEC_REQKEY_AUTH_KEY |
This specifies the authorization key created by request_key() and passed to the process it spawns to generate a key. If a valid keyring ID is passed in, then this will simply be returned if the key exists; an error will be issued if it doesn't exist. |
|
|
edx |
Permission mask. It is a result of a bitwise-or operation of the following flags:
KEY_xxx_VIEW |
Grant permission to view the attributes of a key. |
KEY_xxx_READ |
Grant permission to read the payload of a key or to list a keyring. |
KEY_xxx_WRITE |
Grant permission to modify the payload of a key or to add or remove links to/from a keyring. |
KEY_xxx_SEARCH |
Grant permission to find a key or to search a keyring. |
KEY_xxx_LINK |
Grant permission to make links to a key. |
KEY_xxx_SETATTR |
Grant permission to change the ownership and permissions attributes of a key. |
KEY_xxx_ALL |
Grant all the above. |
|
'xxx' should be replace by one of the following specifying to whom the permission should be granted:
POS |
Grant the permission to a process that possesses the key (has it attached searchably to one of the process's keyrings). |
USR |
Grant the permission to a process with the same UID as the key. |
GRP
|
Grant the permission to a process with the same GID as the key, or with a match for the key's GID amongst that process's Groups list. |
OTH
|
Grant the permission to any other process. Examples include: KEY_POS_VIEW, KEY_USR_READ, KEY_GRP_SEARCH and KEY_OTH_ALL. User, group and other grants are exclusive: if a process qualifies in the 'user' category, it will not qualify in the 'groups' category; and if a process qualifies in either 'user' or 'groups' then it will not qualify in the 'other' category. Possessor grants are cumulative with the grants from the 'user', 'groups' and 'other' categories. |
|
|
Return values
If the system call succeeds the return value is 0.
If the system call fails the return value is one of the following errno values:
-ENOKEY |
No matching key was found. |
-EKEYEXPIRED |
The specified key has expired. |
-EKEYREVOKED |
The specified key has been revoked. |
-EACCES |
The named key exists, but does not grant SETATTR permission to the calling process. |
|
Remarks
A process that does not have the SysAdmin capability may not change the permissions mask on a key that doesn't have the same UID as the caller. The caller must have SETATTR permission on a key to be able change its permissions mask.
|