keyctl_capabilities - Query subsystem capabilities
#include <keyutils.h>
long keyctl_capabilities(unsigned char *buffer, size_t buflen);
keyctl_capabilities() queries the keyrings subsystem in the
kernel to ask about its capabilities and fills in the array in the buffer
with bits that indicate the presence or absence of specific features in the
keyrings subsystem.
The function returns the amount of data the kernel has available,
irrespective of the amount of buffer space available. If the buffer is
shorter than the data, a short copy will be made; if the buffer is larger
than the data, the excess space will be cleared.
If this operation is not available in the kernel, the keyutils
library will emulate it as best it can and the capability bit that indicates
if the kernel operation is available will be cleared.
In buffer[0], the following capabilities exist:
- KEYCTL_CAPS0_CAPABILITIES: This is set if the kernel supports this
  operation and cleared otherwise. If it is cleared, the rest of the flags
  are emulated.
- KEYCTL_CAPS0_PERSISTENT_KEYRINGS: This is set if the kernel supports
  persistent keyrings and cleared otherwise. See keyctl_get_persistent(3).
- KEYCTL_CAPS0_DIFFIE_HELLMAN: This is set if the kernel supports
  Diffie-Hellman calculation and cleared otherwise. See keyctl_dh_compute(3).
- KEYCTL_CAPS0_PUBLIC_KEY: This is set if the kernel supports public-key
  operations and cleared otherwise. See keyctl_pkey_query(3).
- KEYCTL_CAPS0_BIG_KEY: This is set if the kernel supports the big_key key
  type and cleared otherwise.
- KEYCTL_CAPS0_INVALIDATE: This is set if the kernel supports key
  invalidation and cleared otherwise. See keyctl_invalidate(3).
- KEYCTL_CAPS0_RESTRICT_KEYRING: This is set if the kernel supports
  restrictions on keyrings and cleared otherwise. See
  keyctl_restrict_keyring(3).
- KEYCTL_CAPS0_MOVE: This is set if the kernel supports the move key
  operation and cleared otherwise. See keyctl_move(3).
In buffer[1], the following capabilities exist:
- KEYCTL_CAPS1_NS_KEYRING_NAME: This is set if the keyring names are
  segregated according to the user-namespace in which a keyring is created.
- KEYCTL_CAPS1_NS_KEY_TAG: This is set if a key or keyring may get tagged
  with a namespace, thereby allowing multiple keys with the same type and
  description, but different namespace tags, to coexist within the same
  keyring. Tagging may be automatic depending on the key type. Only
  network-namespace tagging is currently used.
On success keyctl_capabilities() returns the size of the
data it has available, irrespective of the size of the buffer. On error, the
value -1 will be returned and errno will have been set to an
appropriate error.
- EFAULT: The buffer cannot be written to.
This is a library function that can be found in
libkeyutils. When linking, -lkeyutils should be specified to
the linker.
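The following program is an added example, not part of the original manual page or of the keyutils source. It shows a fail-closed check that honours the return length, the short-copy and cleared-excess rules, and the emulation bit described above. The names check_caps, caps_status and the USE_LIBKEYUTILS build flag, as well as the choice of required features, are assumptions made for illustration; the fallback constant values are those in <linux/keyctl.h>.

```c
#include <stddef.h>
#include <stdio.h>
#ifdef USE_LIBKEYUTILS   /* assumed build flag: cc -DUSE_LIBKEYUTILS caps.c -lkeyutils */
#include <keyutils.h>
#else                    /* fallback values, as defined in <linux/keyctl.h> */
#define KEYCTL_CAPS0_CAPABILITIES     0x01
#define KEYCTL_CAPS0_RESTRICT_KEYRING 0x40
#define KEYCTL_CAPS1_NS_KEYRING_NAME  0x01
#endif

enum caps_status { CAPS_OK, CAPS_MISSING, CAPS_EMULATED, CAPS_ERROR };

/* Hypothetical helper: ret is what keyctl_capabilities(buf, buflen) returned,
 * need[i] holds the bits that must be set in byte i of the reply. */
enum caps_status check_caps(const unsigned char *buf, size_t buflen, long ret,
                            const unsigned char *need, size_t needlen)
{
    if (ret < 0)
        return CAPS_ERROR;                 /* -1: errno is set, e.g. EFAULT */
    for (size_t i = 0; i < needlen; i++) {
        /* A byte counts only if the kernel had it and the buffer held it;
         * anything else is read as "feature absent". */
        unsigned char have = (i < buflen && i < (size_t)ret) ? buf[i] : 0;
        if ((have & need[i]) != need[i])
            return CAPS_MISSING;
    }
    /* Bit cleared: the library emulated the flags instead of the kernel. */
    if (buflen == 0 || ret == 0 || !(buf[0] & KEYCTL_CAPS0_CAPABILITIES))
        return CAPS_EMULATED;
    return CAPS_OK;
}

int main(void)
{
    static const char *names[] = { "ok", "missing", "emulated", "error" };
    /* Assumed policy: keyring restriction and per-user-namespace names. */
    const unsigned char need[2] = { KEYCTL_CAPS0_RESTRICT_KEYRING,
                                    KEYCTL_CAPS1_NS_KEYRING_NAME };
#ifdef USE_LIBKEYUTILS
    unsigned char buf[2];
    long ret = keyctl_capabilities(buf, sizeof(buf));
#else
    unsigned char buf[2] = { 0xff, 0x03 };  /* constructed sample reply */
    long ret = 2;
#endif
    enum caps_status st = check_caps(buf, sizeof(buf), ret, need, sizeof(need));
    printf("returned %ld, required features: %s\n", ret, names[st]);
    return st == CAPS_OK ? 0 : 1;
}
```

Without the build flag the program evaluates the constructed sample reply; with it, the live result of keyctl_capabilities() is checked.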
keyctl(1), add_key(2), keyctl(2),
request_key(2), keyctl(3), keyrings(7),
keyutils(7)