NAME
keyctl_watch_key - Watch for changes to a key
SYNOPSIS
#include <keyutils.h>
long
keyctl_watch_key(key_serial_t key,
int watch_queue_fd
int watch_id);
DESCRIPTION
keyctl_watch_key() sets or removes a watch on key.
watch_id specifies the ID for a watch that will be included in notification messages. It can be between 0 and 255 to add a key; it should be -1 to remove a key.
watch_queue_fd is a file descriptor attached to a watch_queue device instance. Multiple openings of a device provide separate instances. Each device instance can only have one watch on any particular key.
Notification
Record
Key-specific notification messages that the kernel emits
into the buffer have the following format:
struct key_notification {
|
struct watch_notification watch; |
||||
|
__u32 |
key_id; | |||
|
__u32 |
aux; |
};
The
watch.type field will be set to
WATCH_TYPE_KEY_NOTIFY and the watch.subtype
field will contain one of the following constants,
indicating the event that occurred and the watch_id passed
to keyctl_watch_key() will be placed in watch.info in
the ID field. The following events are defined:
NOTIFY_KEY_INSTANTIATED
This indicates that a watched key got instantiated or negatively instantiated. key_id indicates the key that was instantiated and aux is unused.
NOTIFY_KEY_UPDATED
This indicates that a watched key got updated or instantiated by update. key_id indicates the key that was updated and aux is unused.
NOTIFY_KEY_LINKED
This indicates that a key got linked into a watched keyring. key_id indicates the keyring that was modified aux indicates the key that was added.
NOTIFY_KEY_UNLINKED
This indicates that a key got unlinked from a watched keyring. key_id indicates the keyring that was modified aux indicates the key that was removed.
NOTIFY_KEY_CLEARED
This indicates that a watched keyring got cleared. key_id indicates the keyring that was cleared and aux is unused.
NOTIFY_KEY_REVOKED
This indicates that a watched key got revoked. key_id indicates the key that was revoked and aux is unused.
NOTIFY_KEY_INVALIDATED
This indicates that a watched key got invalidated. key_id indicates the key that was invalidated and aux is unused.
NOTIFY_KEY_SETATTR
This indicates that a watched key had its attributes (owner, group, permissions, timeout) modified. key_id indicates the key that was modified and aux is unused.
Removal
Notification
When a watched key is garbage collected, all of its watches
are automatically destroyed and a notification is delivered
to each watcher. This will normally be an extended
notification of the form:
struct watch_notification_removal {
|
struct watch_notification watch; |
||||
|
__u64 |
id; |
};
The watch.type field will be set to WATCH_TYPE_META and the watch.subtype field will contain WATCH_META_REMOVAL_NOTIFICATION. If the extended notification is given, then the length will be 2 units, otherwise it will be 1 and only the header will be present.
The watch_id passed to keyctl_watch_key() will be placed in watch.info in the ID field.
If the extension is present, id will be set to the ID of the destroyed key.
RETURN VALUE
On success keyctl_watch_key() returns 0 . On error, the value -1 will be returned and errno will have been set to an appropriate error.
ERRORS
|
ENOKEY |
The specified key does not exist. |
EKEYEXPIRED
The specified key has expired.
EKEYREVOKED
The specified key has been revoked.
|
EACCES |
The named key exists, but does not grant view permission to the calling process. | ||
|
EBUSY |
The specified key already has a watch on it for that device instance (add only). |
EBADSLT
The specified key doesn’t have a watch on it (removal only).
LINKING
This is a library function that can be found in libkeyutils. When linking, -lkeyutils should be specified to the linker.
SEE ALSO
keyctl(1), add_key(2), keyctl(2), request_key(2), keyctl(3), keyrings(7), keyutils(7)