keyctl_get_security(3) — Linux manual page

KEYCTL_GET_SECURITY(3)  Linux Key Management Calls KEYCTL_GET_SECURITY(3)

NAME         top

       keyctl_get_security - retrieve a key's security context

SYNOPSIS         top

       #include <keyutils.h>

       long keyctl_get_security(key_serial_t key, char *buffer,
       size_t buflen);

       long keyctl_get_security_alloc(key_serial_t key, char **_buffer);

DESCRIPTION         top

       keyctl_get_security() retrieves the security context of a key as a
       NUL-terminated string.  This will be rendered in a form
       appropriate to the LSM in force - for instance, with SELinux, it
       may look like

              unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

       The caller must have view permission on a key to be able to get
       its security context.

       buffer and buflen specify the buffer into which the string will be
       placed.  If the buffer is too small, the full size of the string
       will be returned, and no copy will take place.

       keyctl_get_security_alloc() is similar to keyctl_get_security()
       except that it allocates a buffer big enough to hold the string
       and copies the string into it.  If successful, A pointer to the
       buffer is placed in *_buffer.  The caller must free the buffer.

RETURN VALUE         top

       On success keyctl_get_security() returns the amount of data placed
       into the buffer.  If the buffer was too small, then the size of
       buffer required will be returned, but no data will be transferred.
       On error, the value -1 will be returned and errno will have been
       set to an appropriate error.

       On success keyctl_get_security_alloc() returns the amount of data
       in the buffer, less the NUL terminator.  On error, the value -1
       will be returned and errno will have been set to an appropriate
       error.

ERRORS         top

       ENOKEY The key specified is invalid.

       EKEYEXPIRED
              The key specified has expired.

       EKEYREVOKED
              The key specified had been revoked.

       EACCES The key exists, but is not viewable by the calling process.

LINKING         top

       This is a library function that can be found in libkeyutils.  When
       linking, -lkeyutils should be specified to the linker.

SEE ALSO         top

       keyctl(1), add_key(2), keyctl(2), request_key(2), keyctl(3),
       keyrings(7), keyutils(7)

COLOPHON         top

       This page is part of the keyutils (key management utilities)
       project.  Information about the project can be found at [unknown
       -- if you know, please contact [email protected]] If you have a
       bug report for this manual page, send it to
       [email protected].  This page was obtained from the project's
       upstream Git repository
       ⟨http://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git⟩
       on 2025-08-11.  (At that time, the date of the most recent commit
       that was found in the repository was 2023-03-20.)  If you discover
       any rendering problems in this HTML version of the page, or you
       believe there is a better or more up-to-date source for the page,
       or you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a
       mail to [email protected]

Linux                          26 Feb 2010         KEYCTL_GET_SECURITY(3)

Pages that refer to this page: KEYCTL_GET_SECURITY(2const),  keyctl(3),  keyrings(7)

HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH.