Guide to the Linux Manual




keyctl(2)

manipulate the kernel's key management facility


Errors

EACCES The requested operation wasn't permitted.

EAGAIN operation was KEYCTL_DH_COMPUTE and there was an error during crypto module initialization.

EDEADLK operation was KEYCTL_LINK and the requested link would result in a cycle.

EDEADLK operation was KEYCTL_RESTRICT_KEYRING and the requested keyring restriction would result in a cycle.

EDQUOT The key quota for the caller's user would be exceeded by creating a key or linking it to the keyring.

EEXIST operation was KEYCTL_RESTRICT_KEYRING and the keyring provided in the arg2 argument already has a restriction set.

EFAULT operation was KEYCTL_DH_COMPUTE and one of the following has failed:

• copying of the struct keyctl_dh_params, provided in the arg2 argument, from user space;

• copying of the struct keyctl_kdf_params, provided in the non-NULL arg5 argument, from user space (in case the kernel supports performing a KDF operation on the DH operation result);

• copying of data pointed to by the hashname field of the struct keyctl_kdf_params from user space;

• copying of data pointed to by the otherinfo field of the struct keyctl_kdf_params from user space if the otherinfolen field was nonzero;

• copying of the result to user space.

EINVAL operation was KEYCTL_SETPERM and an invalid permission bit was specified in arg3.

EINVAL operation was KEYCTL_SEARCH and the size of the description in arg4 (including the terminating null byte) exceeded 4096 bytes.

EINVAL size of the string (including the terminating null byte) specified in arg3 (the key type) or arg4 (the key description) exceeded the limit (32 bytes and 4096 bytes respectively).

EINVAL (Linux kernels before 4.12) operation was KEYCTL_DH_COMPUTE, argument arg5 was non-NULL.

EINVAL operation was KEYCTL_DH_COMPUTE and the digest size of the hashing algorithm supplied is zero.

EINVAL operation was KEYCTL_DH_COMPUTE and the buffer size provided is not enough to hold the result. Provide 0 as a buffer size in order to obtain the minimum buffer size.

EINVAL operation was KEYCTL_DH_COMPUTE and the hash name provided in the hashname field of the struct keyctl_kdf_params pointed to by the arg5 argument is too big (the limit is implementation-specific and varies between kernel versions, but it is deemed big enough for all valid algorithm names).

EINVAL operation was KEYCTL_DH_COMPUTE and the __spare field of the struct keyctl_kdf_params provided in the arg5 argument contains nonzero values.

EKEYEXPIRED An expired key was found or specified.

EKEYREJECTED A rejected key was found or specified.

EKEYREVOKED A revoked key was found or specified.

ELOOP operation was KEYCTL_LINK and the requested link would cause the maximum nesting depth for keyrings to be exceeded.

EMSGSIZE operation was KEYCTL_DH_COMPUTE and the buffer length exceeds KEYCTL_KDF_MAX_OUTPUT_LEN (which is 1024 currently) or the otherinfolen field of the struct keyctl_kdf_params passed in arg5 exceeds KEYCTL_KDF_MAX_OI_LEN (which is 64 currently).

ENFILE (Linux kernels before 3.13) operation was KEYCTL_LINK and the keyring is full. (Before Linux 3.13, the available space for storing keyring links was limited to a single page of memory; since Linux 3.13, there is no fixed limit.)

ENOENT operation was KEYCTL_UNLINK and the key to be unlinked isn't linked to the keyring.

ENOENT operation was KEYCTL_DH_COMPUTE and the hashing algorithm specified in the hashname field of the struct keyctl_kdf_params pointed to by the arg5 argument hasn't been found.

ENOENT operation was KEYCTL_RESTRICT_KEYRING and the type provided in the arg3 argument doesn't support setting key linking restrictions.

ENOKEY No matching key was found or an invalid key was specified.

ENOKEY The value KEYCTL_GET_KEYRING_ID was specified in operation, the key specified in arg2 did not exist, and arg3 was zero (meaning don't create the key if it didn't exist).

ENOMEM One of the kernel memory allocation routines failed during the execution of the syscall.

ENOTDIR A key of keyring type was expected but the ID of a key with a different type was provided.

EOPNOTSUPP operation was KEYCTL_READ and the key type does not support reading (e.g., the type is "logon").

EOPNOTSUPP operation was KEYCTL_UPDATE and the key type does not support updating.

EOPNOTSUPP operation was KEYCTL_RESTRICT_KEYRING, the type provided in the arg3 argument was "asymmetric", and the key specified in the restriction specification provided in arg4 has a type other than "asymmetric" or "keyring".

EPERM operation was KEYCTL_GET_PERSISTENT, arg2 specified a UID other than the calling thread's real or effective UID, and the caller did not have the CAP_SETUID capability.

EPERM operation was KEYCTL_SESSION_TO_PARENT and either:

• all of the UIDs (GIDs) of the parent process do not match the effective UID (GID) of the calling process;

• the UID of the parent's existing session keyring or the UID of the caller's session keyring did not match the effective UID of the caller;

• the parent process is not single-threaded; or

• the parent process is init(1) or a kernel thread.

ETIMEDOUT operation was KEYCTL_DH_COMPUTE and the initialization of crypto modules has timed out.
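
Two of the conditions listed above, EDEADLK from KEYCTL_LINK and EOPNOTSUPP from KEYCTL_READ, can be observed on scratch keys in the calling thread's own keyring. The following C program is an added example, not part of the manual page; the helper names and the key descriptions `demo:cycle` and `demo:secret` are made up for it, and the unreadable key is created with the type name "logon", the name under which the kernel registers that type.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/keyctl.h>

/* Raw syscalls keep the example free of libkeyutils; scratch keys go into
 * the thread keyring, which disappears when the thread exits. */
static long new_key(const char *type, const char *desc,
                    const void *data, size_t len)
{
    return syscall(SYS_add_key, type, desc, data, len,
                   (long)KEY_SPEC_THREAD_KEYRING);
}

/* Runs op on a scratch key, unlinks the key again, and returns the errno
 * the kernel reported (0 if the call succeeded). */
static int errno_of(int op, long key, long arg3, long arg4)
{
    long rc = syscall(SYS_keyctl, (long)op, key, arg3, arg4);
    int err = rc < 0 ? errno : 0;
    syscall(SYS_keyctl, (long)KEYCTL_UNLINK, key, (long)KEY_SPEC_THREAD_KEYRING);
    return err;
}

/* EDEADLK: linking a keyring into itself would create a cycle.
 * Returns -1 if keys cannot be created here (e.g. seccomp blocks add_key). */
int probe_link_cycle(void)
{
    long ring = new_key("keyring", "demo:cycle", NULL, 0);
    return ring < 0 ? -1 : errno_of(KEYCTL_LINK, ring, ring, 0);
}

/* EOPNOTSUPP: a "logon" key can be created but never read back. */
int probe_unreadable_type(void)
{
    char buf[16];
    long key = new_key("logon", "demo:secret", "pw", 2);
    return key < 0 ? -1
                   : errno_of(KEYCTL_READ, key, (long)buf, sizeof(buf));
}

int main(void)
{
    printf("self-link: errno %d, read of logon key: errno %d\n",
           probe_link_cycle(), probe_unreadable_type());
    return 0;
}
```

A return value of -1 from either probe means the key could not be created at all, which is what a container runtime that filters add_key(2) and keyctl(2) produces.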