Provided by: manpages-dev_6.16-1_all 
NAME
KEYCTL_GET_SECURITY - manipulate the kernel's key management facility
LIBRARY
Standard C library (libc, -lc)
SYNOPSIS
#include <linux/keyctl.h> /* Definition of KEY* constants */
#include <sys/syscall.h> /* Definition of SYS_* constants */
#include <unistd.h>
long syscall(size_t n;
SYS_keyctl, KEYCTL_GET_SECURITY, key_serial_t key,
char buf[_Nullable n], size_t n);
DESCRIPTION
KEYCTL_GET_SECURITY (since Linux 2.6.26)
Get the LSM (Linux Security Module) security label of the specified key.
The ID of the key whose security label is to be fetched is specified in key. The security label
(terminated by a null byte) will be placed in the buffer pointed to by buf argument; the size of the
buffer must be provided in n.
If buf is specified as NULL or the buffer size specified in n is too small, the full size of the security
label string (including the terminating null byte) is returned as the function result, and nothing is
copied to the buffer.
The caller must have view permission on the specified key.
The returned security label string will be rendered in a form appropriate to the LSM in force. For
example, with SELinux, it may look like:
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
If no LSM is currently in force, then an empty string is placed in the buffer.
RETURN VALUE
On success, the size of the LSM security label string (including the terminating null byte), irrespective
of the provided buffer size.
On error, -1 is returned, and errno is set to indicate the error.
VERSIONS
A wrapper is provided in the libkeyutils library: keyctl_get_security(3).
STANDARDS
Linux.
HISTORY
Linux 2.6.26.
SEE ALSO
keyctl(2), keyctl_get_security(3), keyctl_get_security_alloc(3)
Linux man-pages 6.16 2025-06-28 KEYCTL_GET_SECURITY(2const)