keyctl_watch_key - Man Page
Watch for changes to a key
Synopsis
#include <keyutils.h> long keyctl_watch_key(key_serial_t key, int watch_queue_fd int watch_id);
Description
keyctl_watch_key() sets or removes a watch on key.
watch_id specifies the ID for a watch that will be included in notification messages. It can be between 0 and 255 to add a key; it should be -1 to remove a key.
watch_queue_fd is a file descriptor attached to a watch_queue device instance. Multiple openings of a device provide separate instances. Each device instance can only have one watch on any particular key.
Notification Record
Key-specific notification messages that the kernel emits into the buffer have the following format:
struct key_notification { struct watch_notification watch; __u32 key_id; __u32 aux; };
The watch.type field will be set to WATCH_TYPE_KEY_NOTIFY and the watch.subtype field will contain one of the following constants, indicating the event that occurred and the watch_id passed to keyctl_watch_key() will be placed in watch.info in the ID field. The following events are defined:
- NOTIFY_KEY_INSTANTIATED
This indicates that a watched key got instantiated or negatively instantiated. key_id indicates the key that was instantiated and aux is unused.
- NOTIFY_KEY_UPDATED
This indicates that a watched key got updated or instantiated by update. key_id indicates the key that was updated and aux is unused.
- NOTIFY_KEY_LINKED
This indicates that a key got linked into a watched keyring. key_id indicates the keyring that was modified aux indicates the key that was added.
- NOTIFY_KEY_UNLINKED
This indicates that a key got unlinked from a watched keyring. key_id indicates the keyring that was modified aux indicates the key that was removed.
- NOTIFY_KEY_CLEARED
This indicates that a watched keyring got cleared. key_id indicates the keyring that was cleared and aux is unused.
- NOTIFY_KEY_REVOKED
This indicates that a watched key got revoked. key_id indicates the key that was revoked and aux is unused.
- NOTIFY_KEY_INVALIDATED
This indicates that a watched key got invalidated. key_id indicates the key that was invalidated and aux is unused.
- NOTIFY_KEY_SETATTR
This indicates that a watched key had its attributes (owner, group, permissions, timeout) modified. key_id indicates the key that was modified and aux is unused.
Removal Notification
When a watched key is garbage collected, all of its watches are automatically destroyed and a notification is delivered to each watcher. This will normally be an extended notification of the form:
struct watch_notification_removal { struct watch_notification watch; __u64 id; };
The watch.type field will be set to WATCH_TYPE_META and the watch.subtype field will contain WATCH_META_REMOVAL_NOTIFICATION. If the extended notification is given, then the length will be 2 units, otherwise it will be 1 and only the header will be present.
The watch_id passed to keyctl_watch_key() will be placed in watch.info in the ID field.
If the extension is present, id will be set to the ID of the destroyed key.
Return Value
On success keyctl_watch_key() returns 0 . On error, the value -1 will be returned and errno will have been set to an appropriate error.
Errors
- ENOKEY
The specified key does not exist.
- EKEYEXPIRED
The specified key has expired.
- EKEYREVOKED
The specified key has been revoked.
- EACCES
The named key exists, but does not grant view permission to the calling process.
- EBUSY
The specified key already has a watch on it for that device instance (add only).
- EBADSLT
The specified key doesn't have a watch on it (removal only).
Linking
This is a library function that can be found in libkeyutils. When linking, -lkeyutils should be specified to the linker.
See Also
keyctl(1), add_key(2), keyctl(2), request_key(2), keyctl(3), keyrings(7), keyutils(7)