keyctl_restrict_keyring — restrict keys that may be linked to a keyring
#include <keyutils.h> long keyctl_restrict_keyring(key_serial_t keyring, const char *type, const char *restriction);
keyctl_restrict_keyring() limits the linkage of keys to the given keyring using a provided key type and restriction scheme. The available options vary depending on the key type, and typically contain a restriction name possibly followed by key ids or other data relevant to the restriction. If the type and restriction are both NULL, the keyring will reject all links.
On success keyctl_restrict_keyring() returns 0. On error, the value -1 will be returned and errno will have been set to an appropriate error.
A restriction cycle was avoided. Two keyrings cannot restrict each other.
The keyring is already restricted.
The restriction string is invalid or too large.
The key type in the restriction is invalid or not available.
The provided key id references an item that is not a keyring.
The key type exists but does not support restrictions.
keyctl(1), keyctl(2), keyctl(3), keyutils(7)