Marks a key as negatively instantiated and sets the expiration timer on it.
If the kernel calls back to userspace to complete the instantiation of a key, userspace should use this call mark the key as negative before the invoked process returns if it is unable to fulfil the request.
Arguments
ecx |
Key serial number. |
edx |
32bit value that specifies the lifetime of the key in seconds. |
edi |
Keyring serial number. If it's specified (non-zero), the key will also be linked into this keyring, however all the constraints applying in KEYCTL_LINK apply in this case too.
The destination keyring, if given, is assumed to belong to the initial requester, and not the instantiating process. Therefore, the special keyring IDs refer to the requesting process's keyrings, not the caller's, and the requester's UID, etc. will be used to access them.
|
Return values
If the system call succeeds the return value is 0.
If the system call fails the return value is one of the following errno values:
-ENOKEY |
No matching key was found. |
-EKEYEXPIRED |
The keyring specified has expired. |
-EKEYREVOKED |
The keyring specified had been revoked. |
-EACCES |
The key exists, but is not writable by the requester. |
-ENOMEM |
Insufficient memory to store the new payload or to expand the destination keyring. |
-EDQUOT |
The key quota for the key's user would be exceeded by increasing the size of the key to accommodate the new payload or the key quota for the keyring's user would be exceeded by expanding the destination keyring. |
-EINVAL |
The payload data was invalid. |
|
Remarks
Only a key for which authority has been assumed may be instantiated or negatively instantiated, and once instantiated, the authorisation key will be revoked and the requesting process will be able to resume.
|