KEYCTL_CHOWN


Changes the user and group ownership details of a key.

Arguments

ecx  Key serial number. It may be one of the following special values:

     KEY_SPEC_THREAD_KEYRING        Caller's thread-specific keyring.
     KEY_SPEC_PROCESS_KEYRING       Caller's process-specific keyring.
     KEY_SPEC_SESSION_KEYRING       Caller's session-specific keyring.
     KEY_SPEC_USER_KEYRING          Caller's UID-specific keyring.
     KEY_SPEC_USER_SESSION_KEYRING  Caller's UID-session keyring.
     KEY_SPEC_GROUP_KEYRING         Caller's GID-specific keyring.
     KEY_SPEC_REQKEY_AUTH_KEY       This specifies the authorization key created by request_key() and passed to the process it spawns to generate a key. If a valid keyring ID is passed in, then this will simply be returned if the key exists; an error will be issued if it doesn't exist.

edx  Key's UID. A value of -1 causes this setting to be ignored.
esi  Key's GID. A value of -1 causes this setting to be ignored.

Return values

If the system call succeeds the return value is 0.
If the system call fails the return value is one of the following errno values:

-ENOKEY No matching key was found.
-EKEYEXPIRED The specified key has expired.
-EKEYREVOKED The specified key has been revoked.
-EDQUOT Changing the UID to the one specified would run that UID out of quota.
-EACCES The key exists, but does not grant SETATTR permission to the calling process.

Remarks

A process that does not have the SysAdmin capability (CAP_SYS_ADMIN) may not change a key's UID, and may not set the key's GID to a value that does not match the process's GID or one of the groups in its group list. The caller must have SETATTR permission on a key to be able to change its ownership.
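
Example (added here, not part of the original reference): a C sketch that checks the Remarks rule for an unprivileged caller and then issues KEYCTL_CHOWN through the raw keyctl system call. The names NO_CHANGE, chown_allowed_unprivileged and key_chown are hypothetical helpers introduced for this illustration; the caller's GID and group list are passed in explicitly.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>
#include <linux/keyctl.h>            /* KEYCTL_CHOWN, KEY_SPEC_* */

#define NO_CHANGE ((unsigned int)-1) /* -1: leave this ID as it is */

/* Hypothetical helper modelling the Remarks rule for a caller without
 * CAP_SYS_ADMIN: the key's UID may not change, and a new GID must be the
 * caller's GID or appear in its group list. Returns 1 if allowed. */
int chown_allowed_unprivileged(uid_t key_uid, uid_t new_uid, gid_t new_gid,
                               gid_t caller_gid,
                               const gid_t *groups, int ngroups)
{
    if (new_uid != NO_CHANGE && new_uid != key_uid)
        return 0;                    /* would hand the key to another UID */
    if (new_gid == NO_CHANGE || new_gid == caller_gid)
        return 1;
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == new_gid)
            return 1;
    return 0;                        /* GID outside the caller's groups */
}

/* Hypothetical wrapper: returns 0 on success or a negative errno value,
 * matching the "Return values" list (-ENOKEY, -EACCES, ...). */
long key_chown(int serial, uid_t uid, gid_t gid)
{
    long r = syscall(SYS_keyctl, (long)KEYCTL_CHOWN, (long)serial,
                     (unsigned long)uid, (unsigned long)gid);
    return r == 0 ? 0 : -(long)errno;
}

int main(void)
{
    /* Keep the UID, set the session keyring's GID to the caller's own. */
    long r = key_chown(KEY_SPEC_SESSION_KEYRING, NO_CHANGE, getegid());
    if (r == -EACCES)
        fprintf(stderr, "denied: key does not grant SETATTR permission\n");
    else if (r < 0)
        fprintf(stderr, "KEYCTL_CHOWN failed: %s\n", strerror((int)-r));
    return r == 0 ? 0 : 1;
}
```

Running the pre-check before the call lets a service log an ownership change it is about to be refused, rather than only seeing the error afterwards.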