keyctl_capabilities(3) — Linux manual page



NAME         top

       keyctl_capabilities - Query subsystem capabilities

SYNOPSIS         top

       #include <keyutils.h>

       long keyctl_capabilities(unsigned char *buffer, size_t buflen);

DESCRIPTION         top

       keyctl_capabilities() queries the keyrings subsystem in the
       kernel to ask about its capabilities and fills in the array in
       the buffer with bits that indicate the presence or absence of
       specific features in the keyrings subsystem.

       The function returns the amount of data the kernel has available,
       irrespective of the amount of buffer space available.  If the
       buffer is shorter than the data, a short copy will be made; if
       the buffer is larger than the data, the excess space will be

       If this operation is not available in the kernel, the keyutils
       library will emulate it as best it can and the capability bit
       that indicates if the kernel operation is available will be

       In buffer[0], the following capabilities exist:

              This is set if the kernel supports this operation and
              cleared otherwise.  If it is cleared, the rest of the
              flags are emulated.

              This is set if the kernel supports persistent keyrings and
              cleared otherwise.  See keyctl_get_persistent(3).

              This is set if the kernel supports Diffie-Hellman
              calculation and cleared otherwise.  See

              This is set if the kernel supports public-key operations
              and cleared otherwise.  See keyctl_pkey_query(3).

              This is set if the kernel supports the big_key key type
              and cleared otherwise.

              This is set if the kernel supports key invalidation and
              cleared otherwise.  See keyctl_invalidate(3).

              This is set if the kernel supports restrictions on
              keyrings and cleared otherwise.  See

              This is set if the kernel supports the move key operation
              and cleared otherwise.  See keyctl_move(3).

       In buffer[1], the following capabilities exist:

              This is set if the keyring names are segregated according
              to the user-namespace in which a keyring is created.

              This is set if a key or keyring may get tagged with a
              namespace, thereby allowing multiple keys with the same
              type and description, but different namespace tags, to
              coexist within the same keyring.  Tagging may be automatic
              depending on the key type.  Only network-namespace tagging
              is currently used.

RETURN VALUE         top

       On success keyctl_capabilities() returns the size of the data it
       has available, irrespective of the size of the buffer.  On error,
       the value -1 will be returned and errno will have been set to an
       appropriate error.

ERRORS         top

       EFAULT The buffer cannot be written to.

LINKING         top

       This is a library function that can be found in libkeyutils.
       When linking, -lkeyutils should be specified to the linker.

SEE ALSO         top

       keyctl(1), add_key(2), keyctl(2), request_key(2), keyctl(3),
       keyrings(7), keyutils(7)

COLOPHON         top

       This page is part of the keyutils (key management utilities)
       project.  Information about the project can be found at [unknown
       -- if you know, please contact] If you have a
       bug report for this manual page, send it to  This page was obtained from the
       project's upstream Git repository
       on 2024-06-14.  (At that time, the date of the most recent commit
       that was found in the repository was 2023-03-20.)  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the
       information in this COLOPHON (which is not part of the original
       manual page), send a mail to

Linux                          30 May 2019        KEYCTL_CAPABILITIES(3)

Pages that refer to this page: keyctl(3)