keyctl_restrict_keyring — restrict keys that may be linked to a keyring
Synopsis
#include <keyutils.h> long keyctl_restrict_keyring(key_serial_t keyring, const char *type, const char *restriction);
Description
keyctl_restrict_keyring() limits the linkage of keys to the given keyring using a provided key type and restriction scheme. The available options vary depending on the key type, and typically contain a restriction name possibly followed by key ids or other data relevant to the restriction. If the type and restriction are both NULL, the keyring will reject all links.
Return Value
On success keyctl_restrict_keyring() returns 0. On error, the value -1 will be returned and errno will have been set to an appropriate error.
Errors
- EDEADLK
A restriction cycle was avoided. Two keyrings cannot restrict each other.
- EEXIST
The keyring is already restricted.
- EINVAL
The restriction string is invalid or too large.
- ENOKEY
The key type in the restriction is invalid or not available.
- ENOTDIR
The provided key id references an item that is not a keyring.
- ENOENT
The key type exists but does not support restrictions.
Linking
This is a library function that can be found in libkeyutils. When linking, -lkeyutils should be specified to the linker.