Provided by: libkeyutils-dev_1.6.3-3build1_amd64 bug

NAME

       keyctl_capabilities - Query subsystem capabilities

SYNOPSIS

       #include <keyutils.h>

       long keyctl_capabilities(unsigned char *buffer, size_t buflen);

DESCRIPTION

       keyctl_capabilities()  queries  the  keyrings  subsystem  in  the  kernel to ask about its
       capabilities and fills in the array in the buffer with bits that indicate the presence  or
       absence of specific features in the keyrings subsystem.

       The  function  returns  the  amount  of data the kernel has available, irrespective of the
       amount of buffer space available.  If the buffer is shorter than the data,  a  short  copy
       will be made; if the buffer is larger than the data, the excess space will be cleared.

       If  this operation is not available in the kernel, the keyutils library will emulate it as
       best it can and the capability bit that indicates if the  kernel  operation  is  available
       will be cleared.

       In buffer[0], the following capabilities exist:

       KEYCTL_CAPS0_CAPABILITIES
              This  is set if the kernel supports this operation and cleared otherwise.  If it is
              cleared, the rest of the flags are emulated.

       KEYCTL_CAPS0_PERSISTENT_KEYRINGS
              This is set if the kernel supports persistent keyrings and cleared otherwise.   See
              keyctl_get_persistent(3).

       KEYCTL_CAPS0_DIFFIE_HELLMAN
              This  is  set  if  the  kernel  supports  Diffie-Hellman  calculation  and  cleared
              otherwise.  See keyctl_dh_compute(3).

       KEYCTL_CAPS0_PUBLIC_KEY
              This is set if the kernel supports public-key  operations  and  cleared  otherwise.
              See keyctl_pkey_query(3).

       KEYCTL_CAPS0_BIG_KEY
              This is set if the kernel supports the big_key key type and cleared otherwise.

       KEYCTL_CAPS0_INVALIDATE
              This  is  set  if  the kernel supports key invalidation and cleared otherwise.  See
              keyctl_invalidate(3).

       KEYCTL_CAPS0_RESTRICT_KEYRING
              This is set if the kernel supports restrictions on keyrings and cleared  otherwise.
              See keyctl_restrict_keyring(3).

       KEYCTL_CAPS0_MOVE
              This  is  set  if the kernel supports the move key operation and cleared otherwise.
              See keyctl_move(3).

       In buffer[1], the following capabilities exist:

       KEYCTL_CAPS1_NS_KEYRING_NAME
              This is set if the keyring names are segregated according to the user-namespace  in
              which a keyring is created.

       KEYCTL_CAPS1_NS_KEY_TAG
              This  is  set if a key or keyring may get tagged with a namespace, thereby allowing
              multiple keys with the same type and description, but different namespace tags,  to
              coexist  within  the  same  keyring.  Tagging may be automatic depending on the key
              type.  Only network-namespace tagging is currently used.

RETURN VALUE

       On  success  keyctl_capabilities()  returns  the  size  of  the  data  it  has  available,
       irrespective of the size of the buffer.  On error, the value -1 will be returned and errno
       will have been set to an appropriate error.

ERRORS

       EFAULT The buffer cannot be written to.

LINKING

       This is a library function that can be found in  libkeyutils.   When  linking,  -lkeyutils
       should be specified to the linker.

SEE ALSO

       keyctl(1), add_key(2), keyctl(2), request_key(2), keyctl(3), keyrings(7), keyutils(7)