NAME
keyutils - in-kernel key management utilities
DESCRIPTION
The keyutils package is a library and a set of utilities for accessing the kernel keyrings facility.
A header file is supplied to provide the definitions and declarations required to access the library:
#include <keyutils.h>
To link with the library, the following:
-lkeyutils
should be specified to the linker.
Three system
calls are provided: Supply a new key to the
kernel. Find an existing key for use,
or, optionally, create one if one does not exist. Control a key in various ways.
The library provides a variety of wrappers around this
system call and those should be used rather than calling it
directly. See the
add_key(2), request_key(2), and
keyctl(2) manual pages for more information. The
keyctl() wrappers are listed on the keyctl(3)
manual page. A program is
provided to interact with the kernel facility by a number of
subcommands, e.g.: keyctl add
user foo bar @s See the
keyctl(1) manual page for information on that. The kernel has
the ability to upcall to userspace to fabricate new keys.
This can be triggered by request_key(), but userspace
is better off using add_key() instead if it possibly
can. The upcalling
mechanism is usually routed via the request-key(8)
program. What this does with any particular key is
configurable in: /etc/request-key.conf
See the
request-key.conf(5) and the request-key(8)
manual pages for more information. keyctl(1),
keyctl(3), keyrings(7),
persistent-keyring(7), process-keyring(7),
session-keyring(7), thread-keyring(7),
user-keyring(7), user-session-keyring(7),
pam_keyinit(8)
add_key(2)
UTILITIES
/etc/request-key.d/SEE ALSO