Adding upstream version 4.22.0.upstream/4.22.0

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 3798 insertions, 0 deletions

diff --git a/templates/man2/keyctl.2.pot b/templates/man2/keyctl.2.pot
new file mode 100644
index 00000000..bab65d40
--- /dev/null
+++ b/templates/man2/keyctl.2.pot
@@ -0,0 +1,3798 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2024-03-01 16:59+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: TH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "keyctl"
+msgstr ""
+
+#. type: TH
+#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#, no-wrap
+msgid "2023-11-01"
+msgstr ""
+
+#. type: TH
+#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#, no-wrap
+msgid "Linux man-pages 6.06"
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "NAME"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "keyctl - manipulate the kernel's key management facility"
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "LIBRARY"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Standard C library (I<libc>, I<-lc>)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Alternatively, Linux Key Management Utilities (I<libkeyutils>, I<-"
+"lkeyutils>); see VERSIONS."
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "SYNOPSIS"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid ""
+"B<#include E<lt>linux/keyctl.hE<gt>>     /* Definition of B<KEY*> constants */\n"
+"B<#include E<lt>sys/syscall.hE<gt>>      /* Definition of B<SYS_*> constants */\n"
+"B<#include E<lt>unistd.hE<gt>>\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid ""
+"B<long syscall(SYS_keyctl, int >I<operation>B<, unsigned long >I<arg2>B<,>\n"
+"B<             unsigned long >I<arg3>B<, unsigned long >I<arg4>B<,>\n"
+"B<             unsigned long >I<arg5>B<);>\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<Note>: glibc provides no wrapper for B<keyctl>(), necessitating the use of "
+"B<syscall>(2)."
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "DESCRIPTION"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "B<keyctl>()  allows user-space programs to perform key manipulation."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The operation performed by B<keyctl>()  is determined by the value of the "
+"I<operation> argument.  Each of these operations is wrapped by the "
+"I<libkeyutils> library (provided by the I<keyutils> package) into individual "
+"functions (noted below)  to permit the compiler to check types."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The permitted values for I<operation> are:"
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_GET_KEYRING_ID> (since Linux 2.6.10)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Map a special key ID to a real key ID for this process."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation looks up the special key whose ID is provided in I<arg2> "
+"(cast to I<key_serial_t>).  If the special key is found, the ID of the "
+"corresponding real key is returned as the function result.  The following "
+"values may be specified in I<arg2>:"
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_SPEC_THREAD_KEYRING>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This specifies the calling thread's thread-specific keyring.  See B<thread-"
+"keyring>(7)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_SPEC_PROCESS_KEYRING>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This specifies the caller's process-specific keyring.  See B<process-"
+"keyring>(7)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_SPEC_SESSION_KEYRING>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This specifies the caller's session-specific keyring.  See B<session-"
+"keyring>(7)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_SPEC_USER_KEYRING>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This specifies the caller's UID-specific keyring.  See B<user-keyring>(7)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_SPEC_USER_SESSION_KEYRING>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This specifies the caller's UID-session keyring.  See B<user-session-"
+"keyring>(7)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_SPEC_REQKEY_AUTH_KEY> (since Linux 2.6.16)"
+msgstr ""
+
+#.             commit b5f545c880a2a47947ba2118b2509644ab7a2969
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This specifies the authorization key created by B<request_key>(2)  and "
+"passed to the process it spawns to generate a key.  This key is available "
+"only in a B<request-key>(8)-style program that was passed an authorization "
+"key by the kernel and ceases to be available once the requested key has been "
+"instantiated; see B<request_key>(2)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_SPEC_REQUESTOR_KEYRING> (since Linux 2.6.29)"
+msgstr ""
+
+#.             commit 8bbf4976b59fc9fc2861e79cab7beb3f6d647640
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This specifies the key ID for the B<request_key>(2)  destination keyring.  "
+"This keyring is available only in a B<request-key>(8)-style program that was "
+"passed an authorization key by the kernel and ceases to be available once "
+"the requested key has been instantiated; see B<request_key>(2)."
+msgstr ""
+
+#.  The keyctl_get_keyring_ID.3 page says that a new key
+#.  "will be created *if it is appropriate to do so**. What is the
+#.  determiner for appropriate?
+#.  David Howells: Some special keys such as KEY_SPEC_REQKEY_AUTH_KEY
+#.  wouldn't get created but user/user-session/session keyring would
+#.  be created.
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The behavior if the key specified in I<arg2> does not exist depends on the "
+"value of I<arg3> (cast to I<int>).  If I<arg3> contains a nonzero value, "
+"then\\[em]if it is appropriate to do so (e.g., when looking up the user, "
+"user-session, or session key)\\[em]a new key is created and its real key ID "
+"returned as the function result.  Otherwise, the operation fails with the "
+"error B<ENOKEY>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If a valid key ID is specified in I<arg2>, and the key exists, then this "
+"operation simply returns the key ID.  If the key does not exist, the call "
+"fails with error B<ENOKEY>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The caller must have I<search> permission on a keyring in order for it to be "
+"found."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The arguments I<arg4> and I<arg5> are ignored."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_get_keyring_ID>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_JOIN_SESSION_KEYRING> (since Linux 2.6.10)"
+msgstr ""
+
+#.  This may be useful in conjunction with some sort of
+#.  session management framework that is employed by the application.
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Replace the session keyring this process subscribes to with a new session "
+"keyring."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If I<arg2> is NULL, an anonymous keyring with the description \"_ses\" is "
+"created and the process is subscribed to that keyring as its session "
+"keyring, displacing the previous session keyring."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Otherwise, I<arg2> (cast to I<char\\ *>)  is treated as the description "
+"(name) of a keyring, and the behavior is as follows:"
+msgstr ""
+
+#. type: IP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "\\[bu]"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If a keyring with a matching description exists, the process will attempt to "
+"subscribe to that keyring as its session keyring if possible; if that is not "
+"possible, an error is returned.  In order to subscribe to the keyring, the "
+"caller must have I<search> permission on the keyring."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If a keyring with a matching description does not exist, then a new keyring "
+"with the specified description is created, and the process is subscribed to "
+"that keyring as its session keyring."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The arguments I<arg3>, I<arg4>, and I<arg5> are ignored."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_join_session_keyring>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_UPDATE> (since Linux 2.6.10)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Update a key's data payload."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I<arg2> argument (cast to I<key_serial_t>)  specifies the ID of the key "
+"to be updated.  The I<arg3> argument (cast to I<void\\ *>)  points to the "
+"new payload and I<arg4> (cast to I<size_t>)  contains the new payload size "
+"in bytes."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The caller must have I<write> permission on the key specified and the key "
+"type must support updating."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"A negatively instantiated key (see the description of B<KEYCTL_REJECT>)  can "
+"be positively instantiated with this operation."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The I<arg5> argument is ignored."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_update>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_REVOKE> (since Linux 2.6.10)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Revoke the key with the ID provided in I<arg2> (cast to I<key_serial_t>).  "
+"The key is scheduled for garbage collection; it will no longer be findable, "
+"and will be unavailable for further operations.  Further attempts to use the "
+"key will fail with the error B<EKEYREVOKED>."
+msgstr ""
+
+#.  Keys with the KEY_FLAG_KEEP bit set cause an EPERM
+#.  error for KEYCTL_REVOKE. Does this need to be documented?
+#.  David Howells: No significance for user space.
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The caller must have I<write> or I<setattr> permission on the key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_revoke>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_CHOWN> (since Linux 2.6.10)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Change the ownership (user and group ID) of a key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I<arg2> argument (cast to I<key_serial_t>)  contains the key ID.  The "
+"I<arg3> argument (cast to I<uid_t>)  contains the new user ID (or -1 in case "
+"the user ID shouldn't be changed).  The I<arg4> argument (cast to I<gid_t>)  "
+"contains the new group ID (or -1 in case the group ID shouldn't be changed)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The key must grant the caller I<setattr> permission."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"For the UID to be changed, or for the GID to be changed to a group the "
+"caller is not a member of, the caller must have the B<CAP_SYS_ADMIN> "
+"capability (see B<capabilities>(7))."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If the UID is to be changed, the new user must have sufficient quota to "
+"accept the key.  The quota deduction will be removed from the old user to "
+"the new user should the UID be changed."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_chown>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_SETPERM> (since Linux 2.6.10)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Change the permissions of the key with the ID provided in the I<arg2> "
+"argument (cast to I<key_serial_t>)  to the permissions provided in the "
+"I<arg3> argument (cast to I<key_perm_t>)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If the caller doesn't have the B<CAP_SYS_ADMIN> capability, it can change "
+"permissions only for the keys it owns.  (More precisely: the caller's "
+"filesystem UID must match the UID of the key.)"
+msgstr ""
+
+#.  FIXME Above, is it really intended that a privileged process can't
+#.  override the lack of the 'setattr' permission?
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The key must grant I<setattr> permission to the caller I<regardless> of the "
+"caller's capabilities."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The permissions in I<arg3> specify masks of available operations for each of "
+"the following user categories:"
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "I<possessor> (since Linux 2.6.14)"
+msgstr ""
+
+#.  commit 664cceb0093b755739e56572b836a99104ee8a75
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This is the permission granted to a process that possesses the key (has it "
+"attached searchably to one of the process's keyrings); see B<keyrings>(7)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "I<user>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This is the permission granted to a process whose filesystem UID matches the "
+"UID of the key."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "I<group>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This is the permission granted to a process whose filesystem GID or any of "
+"its supplementary GIDs matches the GID of the key."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "I<other>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This is the permission granted to other processes that do not match the "
+"I<user> and I<group> categories."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I<user>, I<group>, and I<other> categories are exclusive: if a process "
+"matches the I<user> category, it will not receive permissions granted in the "
+"I<group> category; if a process matches the I<user> or I<group> category, "
+"then it will not receive permissions granted in the I<other> category."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I<possessor> category grants permissions that are cumulative with the "
+"grants from the I<user>, I<group>, or I<other> category."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Each permission mask is eight bits in size, with only six bits currently "
+"used.  The available permissions are:"
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "I<view>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "This permission allows reading attributes of a key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "This permission is required for the B<KEYCTL_DESCRIBE> operation."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The permission bits for each category are B<KEY_POS_VIEW>, B<KEY_USR_VIEW>, "
+"B<KEY_GRP_VIEW>, and B<KEY_OTH_VIEW>."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "I<read>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "This permission allows reading a key's payload."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "This permission is required for the B<KEYCTL_READ> operation."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The permission bits for each category are B<KEY_POS_READ>, B<KEY_USR_READ>, "
+"B<KEY_GRP_READ>, and B<KEY_OTH_READ>."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "I<write>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This permission allows update or instantiation of a key's payload.  For a "
+"keyring, it allows keys to be linked and unlinked from the keyring,"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This permission is required for the B<KEYCTL_UPDATE>, B<KEYCTL_REVOKE>, "
+"B<KEYCTL_CLEAR>, B<KEYCTL_LINK>, and B<KEYCTL_UNLINK> operations."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The permission bits for each category are B<KEY_POS_WRITE>, "
+"B<KEY_USR_WRITE>, B<KEY_GRP_WRITE>, and B<KEY_OTH_WRITE>."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "I<search>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This permission allows keyrings to be searched and keys to be found.  "
+"Searches can recurse only into nested keyrings that have I<search> "
+"permission set."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This permission is required for the B<KEYCTL_GET_KEYRING_ID>, "
+"B<KEYCTL_JOIN_SESSION_KEYRING>, B<KEYCTL_SEARCH>, and B<KEYCTL_INVALIDATE> "
+"operations."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The permission bits for each category are B<KEY_POS_SEARCH>, "
+"B<KEY_USR_SEARCH>, B<KEY_GRP_SEARCH>, and B<KEY_OTH_SEARCH>."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "I<link>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "This permission allows a key or keyring to be linked to."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This permission is required for the B<KEYCTL_LINK> and "
+"B<KEYCTL_SESSION_TO_PARENT> operations."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The permission bits for each category are B<KEY_POS_LINK>, B<KEY_USR_LINK>, "
+"B<KEY_GRP_LINK>, and B<KEY_OTH_LINK>."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "I<setattr> (since Linux 2.6.15)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This permission allows a key's UID, GID, and permissions mask to be changed."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This permission is required for the B<KEYCTL_REVOKE>, B<KEYCTL_CHOWN>, and "
+"B<KEYCTL_SETPERM> operations."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The permission bits for each category are B<KEY_POS_SETATTR>, "
+"B<KEY_USR_SETATTR>, B<KEY_GRP_SETATTR>, and B<KEY_OTH_SETATTR>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"As a convenience, the following macros are defined as masks for all of the "
+"permission bits in each of the user categories: B<KEY_POS_ALL>, "
+"B<KEY_USR_ALL>, B<KEY_GRP_ALL>, and B<KEY_OTH_ALL>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The I<arg4> and I<arg5> arguments are ignored."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_setperm>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_DESCRIBE> (since Linux 2.6.10)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Obtain a string describing the attributes of a specified key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The ID of the key to be described is specified in I<arg2> (cast to "
+"I<key_serial_t>).  The descriptive string is returned in the buffer pointed "
+"to by I<arg3> (cast to I<char\\~*>); I<arg4> (cast to I<size_t>)  specifies "
+"the size of that buffer in bytes."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The key must grant the caller I<view> permission."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The returned string is null-terminated and contains the following "
+"information about the key:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "I<type>;I<uid>;I<gid>;I<perm>;I<description>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"In the above, I<type> and I<description> are strings, I<uid> and I<gid> are "
+"decimal strings, and I<perm> is a hexadecimal permissions mask.  The "
+"descriptive string is written with the following format:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "%s;%d;%d;%08x;%s\n"
+msgstr ""
+
+#.  FIXME But, the kernel does not enforce the requirement
+#.  that the key description contains no semicolons!
+#.  So, user space has no guarantee here??
+#.  Either something more needs to be said here,
+#.  or a kernel fix is required.
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"B<Note: the intention is that the descriptive string should> B<be extensible "
+"in future kernel versions.> In particular, the I<description> field will not "
+"contain semicolons; it should be parsed by working backwards from the end of "
+"the string to find the last semicolon.  This allows future semicolon-"
+"delimited fields to be inserted in the descriptive string in the future."
+msgstr ""
+
+#.  Function commentary says it copies up to buflen bytes, but see the
+#.  (buffer && buflen >= ret) condition in keyctl_describe_key() in
+#.  security/keyctl.c
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Writing to the buffer is attempted only when I<arg3> is non-NULL and the "
+"specified buffer size is large enough to accept the descriptive string "
+"(including the terminating null byte).  In order to determine whether the "
+"buffer size was too small, check to see if the return value of the operation "
+"is greater than I<arg4>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_describe>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_CLEAR>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Clear the contents of (i.e., unlink all keys from) a keyring."
+msgstr ""
+
+#.  or the error ENOTDIR results
+#.  According to Documentation/security/keys.txt:
+#.      This function can also be used to clear special kernel keyrings if they
+#.      are appropriately marked if the user has CAP_SYS_ADMIN capability.  The
+#.      DNS resolver cache keyring is an example of this.
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The ID of the key (which must be of keyring type)  is provided in I<arg2> "
+"(cast to I<key_serial_t>)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The caller must have I<write> permission on the keyring."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_clear>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_LINK> (since Linux 2.6.10)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Create a link from a keyring to a key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The key to be linked is specified in I<arg2> (cast to I<key_serial_t>); the "
+"keyring is specified in I<arg3> (cast to I<key_serial_t>)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If a key with the same type and description is already linked in the "
+"keyring, then that key is displaced from the keyring."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Before creating the link, the kernel checks the nesting of the keyrings and "
+"returns appropriate errors if the link would produce a cycle or if the "
+"nesting of keyrings would be too deep (The limit on the nesting of keyrings "
+"is determined by the kernel constant B<KEYRING_SEARCH_MAX_DEPTH>, defined "
+"with the value 6, and is necessary to prevent overflows on the kernel stack "
+"when recursively searching keyrings)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The caller must have I<link> permission on the key being added and I<write> "
+"permission on the keyring."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_link>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_UNLINK> (since Linux 2.6.10)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Unlink a key from a keyring."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The ID of the key to be unlinked is specified in I<arg2> (cast to "
+"I<key_serial_t>); the ID of the keyring from which it is to be unlinked is "
+"specified in I<arg3> (cast to I<key_serial_t>)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "If the key is not currently linked into the keyring, an error results."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The caller must have I<write> permission on the keyring from which the key "
+"is being removed."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If the last link to a key is removed, then that key will be scheduled for "
+"destruction."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_unlink>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_SEARCH> (since Linux 2.6.10)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Search for a key in a keyring tree, returning its ID and optionally linking "
+"it to a specified keyring."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The tree to be searched is specified by passing the ID of the head keyring "
+"in I<arg2> (cast to I<key_serial_t>).  The search is performed breadth-first "
+"and recursively."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I<arg3> and I<arg4> arguments specify the key to be searched for: "
+"I<arg3> (cast as I<char\\~*>)  contains the key type (a null-terminated "
+"character string up to 32 bytes in size, including the terminating null "
+"byte), and I<arg4> (cast as I<char\\~*>)  contains the description of the "
+"key (a null-terminated character string up to 4096 bytes in size, including "
+"the terminating null byte)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The source keyring must grant I<search> permission to the caller.  When "
+"performing the recursive search, only keyrings that grant the caller "
+"I<search> permission will be searched.  Only keys with for which the caller "
+"has I<search> permission can be found."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "If the key is found, its ID is returned as the function result."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If the key is found and I<arg5> (cast to I<key_serial_t>)  is nonzero, then, "
+"subject to the same constraints and rules as B<KEYCTL_LINK>, the key is "
+"linked into the keyring whose ID is specified in I<arg5>.  If the "
+"destination keyring specified in I<arg5> already contains a link to a key "
+"that has the same type and description, then that link will be displaced by "
+"a link to the key found by this operation."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Instead of valid existing keyring IDs, the source (I<arg2>)  and destination "
+"(I<arg5>)  keyrings can be one of the special keyring IDs listed under "
+"B<KEYCTL_GET_KEYRING_ID>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_search>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_READ> (since Linux 2.6.10)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Read the payload data of a key."
+msgstr ""
+
+#.  including KEY_SPEC_REQKEY_AUTH_KEY
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The ID of the key whose payload is to be read is specified in I<arg2> (cast "
+"to I<key_serial_t>).  This can be the ID of an existing key, or any of the "
+"special key IDs listed for B<KEYCTL_GET_KEYRING_ID>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The payload is placed in the buffer pointed by I<arg3> (cast to I<char\\ "
+"*>); the size of that buffer must be specified in I<arg4> (cast to "
+"I<size_t>)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The returned data will be processed for presentation according to the key "
+"type.  For example, a keyring will return an array of I<key_serial_t> "
+"entries representing the IDs of all the keys that are linked to it.  The "
+"I<user> key type will return its data as is.  If a key type does not "
+"implement this function, the operation fails with the error B<EOPNOTSUPP>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If I<arg3> is not NULL, as much of the payload data as will fit is copied "
+"into the buffer.  On a successful return, the return value is always the "
+"total size of the payload data.  To determine whether the buffer was of "
+"sufficient size, check to see that the return value is less than or equal to "
+"the value supplied in I<arg4>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The key must either grant the caller I<read> permission, or grant the caller "
+"I<search> permission when searched for from the process keyrings (i.e., the "
+"key is possessed)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_read>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_INSTANTIATE> (since Linux 2.6.10)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"(Positively) instantiate an uninstantiated key with a specified payload."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The ID of the key to be instantiated is provided in I<arg2> (cast to "
+"I<key_serial_t>)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The key payload is specified in the buffer pointed to by I<arg3> (cast to "
+"I<void\\ *>); the size of that buffer is specified in I<arg4> (cast to "
+"I<size_t>)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+msgid ""
+"The payload may be a null pointer and the buffer size may be 0 if this is "
+"supported by the key type (e.g., it is a keyring)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The operation may be fail if the payload data is in the wrong format or is "
+"otherwise invalid."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If I<arg5> (cast to I<key_serial_t>)  is nonzero, then, subject to the same "
+"constraints and rules as B<KEYCTL_LINK>, the instantiated key is linked into "
+"the keyring whose ID specified in I<arg5>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The caller must have the appropriate authorization key, and once the "
+"uninstantiated key has been instantiated, the authorization key is revoked.  "
+"In other words, this operation is available only from a B<request-key>(8)-"
+"style program.  See B<request_key>(2)  for an explanation of uninstantiated "
+"keys and key instantiation."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_instantiate>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_NEGATE> (since Linux 2.6.10)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Negatively instantiate an uninstantiated key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "This operation is equivalent to the call:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "keyctl(KEYCTL_REJECT, arg2, arg3, ENOKEY, arg4);\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_negate>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_SET_REQKEY_KEYRING> (since Linux 2.6.13)"
+msgstr ""
+
+#.  I.e., calls to the kernel's internal request_key() interface,
+#.  which is distinct from the request_key(2) system call (which
+#.  ultimately employs the kernel-internal interface).
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Set the default keyring to which implicitly requested keys will be linked "
+"for this thread, and return the previous setting.  Implicit key requests are "
+"those made by internal kernel components, such as can occur when, for "
+"example, opening files on an AFS or NFS filesystem.  Setting the default "
+"keyring also has an effect when requesting a key from user space; see "
+"B<request_key>(2)  for details."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I<arg2> argument (cast to I<int>)  should contain one of the following "
+"values, to specify the new default keyring:"
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_REQKEY_DEFL_NO_CHANGE>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Don't change the default keyring.  This can be used to discover the current "
+"default keyring (without changing it)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_REQKEY_DEFL_DEFAULT>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This selects the default behaviour, which is to use the thread-specific "
+"keyring if there is one, otherwise the process-specific keyring if there is "
+"one, otherwise the session keyring if there is one, otherwise the UID-"
+"specific session keyring, otherwise the user-specific keyring."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_REQKEY_DEFL_THREAD_KEYRING>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Use the thread-specific keyring (B<thread-keyring>(7))  as the new default "
+"keyring."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_REQKEY_DEFL_PROCESS_KEYRING>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Use the process-specific keyring (B<process-keyring>(7))  as the new default "
+"keyring."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_REQKEY_DEFL_SESSION_KEYRING>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Use the session-specific keyring (B<session-keyring>(7))  as the new default "
+"keyring."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_REQKEY_DEFL_USER_KEYRING>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Use the UID-specific keyring (B<user-keyring>(7))  as the new default "
+"keyring."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_REQKEY_DEFL_USER_SESSION_KEYRING>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Use the UID-specific session keyring (B<user-session-keyring>(7))  as the "
+"new default keyring."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEY_REQKEY_DEFL_REQUESTOR_KEYRING> (since Linux 2.6.29)"
+msgstr ""
+
+#
+#
+#.  8bbf4976b59fc9fc2861e79cab7beb3f6d647640
+#.  FIXME The preceding explanation needs to be expanded.
+#.  Is the following correct:
+#. 	The requestor keyring is the dest_keyring that
+#. 	was supplied to a call to request_key(2)?
+#.  David Howells said: to be checked
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Use the requestor keyring."
+msgstr ""
+
+#.  (including the still-unsupported KEY_REQKEY_DEFL_GROUP_KEYRING)
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "All other values are invalid."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The setting controlled by this operation is inherited by the child of "
+"B<fork>(2)  and preserved across B<execve>(2)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_set_reqkey_keyring>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_SET_TIMEOUT> (since Linux 2.6.16)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Set a timeout on a key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The ID of the key is specified in I<arg2> (cast to I<key_serial_t>).  The "
+"timeout value, in seconds from the current time, is specified in I<arg3> "
+"(cast to I<unsigned int>).  The timeout is measured against the realtime "
+"clock."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Specifying the timeout value as 0 clears any existing timeout on the key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I</proc/keys> file displays the remaining time until each key will "
+"expire.  (This is the only method of discovering the timeout on a key.)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The caller must either have the I<setattr> permission on the key or hold an "
+"instantiation authorization token for the key (see B<request_key>(2))."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The key and any links to the key will be automatically garbage collected "
+"after the timeout expires.  Subsequent attempts to access the key will then "
+"fail with the error B<EKEYEXPIRED>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation cannot be used to set timeouts on revoked, expired, or "
+"negatively instantiated keys."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_set_timeout>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_ASSUME_AUTHORITY> (since Linux 2.6.16)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Assume (or divest) the authority for the calling thread to instantiate a key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I<arg2> argument (cast to I<key_serial_t>)  specifies either a nonzero "
+"key ID to assume authority, or the value 0 to divest authority."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If I<arg2> is nonzero, then it specifies the ID of an uninstantiated key for "
+"which authority is to be assumed.  That key can then be instantiated using "
+"one of B<KEYCTL_INSTANTIATE>, B<KEYCTL_INSTANTIATE_IOV>, B<KEYCTL_REJECT>, "
+"or B<KEYCTL_NEGATE>.  Once the key has been instantiated, the thread is "
+"automatically divested of authority to instantiate the key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Authority over a key can be assumed only if the calling thread has present "
+"in its keyrings the authorization key that is associated with the specified "
+"key.  (In other words, the B<KEYCTL_ASSUME_AUTHORITY> operation is available "
+"only from a B<request-key>(8)-style program; see B<request_key>(2)  for an "
+"explanation of how this operation is used.)  The caller must have I<search> "
+"permission on the authorization key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If the specified key has a matching authorization key, then the ID of that "
+"key is returned.  The authorization key can be read (B<KEYCTL_READ>)  to "
+"obtain the callout information passed to B<request_key>(2)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If the ID given in I<arg2> is 0, then the currently assumed authority is "
+"cleared (divested), and the value 0 is returned."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The B<KEYCTL_ASSUME_AUTHORITY> mechanism allows a program such as B<request-"
+"key>(8)  to assume the necessary authority to instantiate a new "
+"uninstantiated key that was created as a consequence of a call to "
+"B<request_key>(2).  For further information, see B<request_key>(2)  and the "
+"kernel source file I<Documentation/security/keys-request-key.txt>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_assume_authority>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_GET_SECURITY> (since Linux 2.6.26)"
+msgstr ""
+
+#.  commit 70a5bb72b55e82fbfbf1e22cae6975fac58a1e2d
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Get the LSM (Linux Security Module) security label of the specified key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The ID of the key whose security label is to be fetched is specified in "
+"I<arg2> (cast to I<key_serial_t>).  The security label (terminated by a null "
+"byte)  will be placed in the buffer pointed to by I<arg3> argument (cast to "
+"I<char\\ *>); the size of the buffer must be provided in I<arg4> (cast to "
+"I<size_t>)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If I<arg3> is specified as NULL or the buffer size specified in I<arg4> is "
+"too small, the full size of the security label string (including the "
+"terminating null byte)  is returned as the function result, and nothing is "
+"copied to the buffer."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The caller must have I<view> permission on the specified key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The returned security label string will be rendered in a form appropriate to "
+"the LSM in force.  For example, with SELinux, it may look like:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If no LSM is currently in force, then an empty string is placed in the "
+"buffer."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the functions "
+"B<keyctl_get_security>(3)  and B<keyctl_get_security_alloc>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_SESSION_TO_PARENT> (since Linux 2.6.32)"
+msgstr ""
+
+#.  commit ee18d64c1f632043a02e6f5ba5e045bb26a5465f
+#.  What is the use case for KEYCTL_SESSION_TO_PARENT?
+#.  David Howells: the Process Authentication Groups people requested this,
+#.  but then didn't use it; maybe there are no users.
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Replace the session keyring to which the I<parent> of the calling process "
+"subscribes with the session keyring of the calling process."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The keyring will be replaced in the parent process at the point where the "
+"parent next transitions from kernel space to user space."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The keyring must exist and must grant the caller I<link> permission.  The "
+"parent process must be single-threaded and have the same effective ownership "
+"as this process and must not be set-user-ID or set-group-ID.  The UID of the "
+"parent process's existing session keyring (f it has one), as well as the UID "
+"of the caller's session keyring much match the caller's effective UID."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The fact that it is the parent process that is affected by this operation "
+"allows a program such as the shell to start a child process that uses this "
+"operation to change the shell's session keyring.  (This is what the "
+"B<keyctl>(1)  B<new_session> command does.)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The arguments I<arg2>, I<arg3>, I<arg4>, and I<arg5> are ignored."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_session_to_parent>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_REJECT> (since Linux 2.6.39)"
+msgstr ""
+
+#.  commit fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Mark a key as negatively instantiated and set an expiration timer on the "
+"key.  This operation provides a superset of the functionality of the earlier "
+"B<KEYCTL_NEGATE> operation."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The ID of the key that is to be negatively instantiated is specified in "
+"I<arg2> (cast to I<key_serial_t>).  The I<arg3> (cast to I<unsigned int>)  "
+"argument specifies the lifetime of the key, in seconds.  The I<arg4> "
+"argument (cast to I<unsigned int>)  specifies the error to be returned when "
+"a search hits this key; typically, this is one of B<EKEYREJECTED>, "
+"B<EKEYREVOKED>, or B<EKEYEXPIRED>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If I<arg5> (cast to I<key_serial_t>)  is nonzero, then, subject to the same "
+"constraints and rules as B<KEYCTL_LINK>, the negatively instantiated key is "
+"linked into the keyring whose ID is specified in I<arg5>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The caller must have the appropriate authorization key.  In other words, "
+"this operation is available only from a B<request-key>(8)-style program.  "
+"See B<request_key>(2)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_reject>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_INSTANTIATE_IOV> (since Linux 2.6.39)"
+msgstr ""
+
+#.  commit ee009e4a0d4555ed522a631bae9896399674f063
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Instantiate an uninstantiated key with a payload specified via a vector of "
+"buffers."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is the same as B<KEYCTL_INSTANTIATE>, but the payload data is "
+"specified as an array of I<iovec> structures (see B<iovec>(3type))."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The pointer to the payload vector is specified in I<arg3> (cast as I<const "
+"struct iovec\\~*>).  The number of items in the vector is specified in "
+"I<arg4> (cast as I<unsigned int>)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I<arg2> (key ID)  and I<arg5> (keyring ID)  are interpreted as for "
+"B<KEYCTL_INSTANTIATE>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_instantiate_iov>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_INVALIDATE> (since Linux 3.5)"
+msgstr ""
+
+#.  commit fd75815f727f157a05f4c96b5294a4617c0557da
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Mark a key as invalid."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The ID of the key to be invalidated is specified in I<arg2> (cast to "
+"I<key_serial_t>)."
+msgstr ""
+
+#.  CAP_SYS_ADMIN is permitted to invalidate certain special keys
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"To invalidate a key, the caller must have I<search> permission on the key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation marks the key as invalid and schedules immediate garbage "
+"collection.  The garbage collector removes the invalidated key from all "
+"keyrings and deletes the key when its reference count reaches zero.  After "
+"this operation, the key will be ignored by all searches, even if it is not "
+"yet deleted."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Keys that are marked invalid become invisible to normal key operations "
+"immediately, though they are still visible in I</proc/keys> (marked with an "
+"'i' flag)  until they are actually removed."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_invalidate>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_GET_PERSISTENT> (since Linux 3.13)"
+msgstr ""
+
+#.  commit f36f8c75ae2e7d4da34f4c908cebdb4aa42c977e
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Get the persistent keyring (B<persistent-keyring>(7))  for a specified user "
+"and link it to a specified keyring."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The user ID is specified in I<arg2> (cast to I<uid_t>).  If the value -1 is "
+"specified, the caller's real user ID is used.  The ID of the destination "
+"keyring is specified in I<arg3> (cast to I<key_serial_t>)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The caller must have the B<CAP_SETUID> capability in its user namespace in "
+"order to fetch the persistent keyring for a user ID that does not match "
+"either the real or effective user ID of the caller."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If the call is successful, a link to the persistent keyring is added to the "
+"keyring whose ID was specified in I<arg3>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The persistent keyring will be created by the kernel if it does not yet "
+"exist."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Each time the B<KEYCTL_GET_PERSISTENT> operation is performed, the "
+"persistent keyring will have its expiration timeout reset to the value in:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "/proc/sys/kernel/keys/persistent_keyring_expiry\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Should the timeout be reached, the persistent keyring will be removed and "
+"everything it pins can then be garbage collected."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Persistent keyrings were added in Linux 3.13."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> via the function "
+"B<keyctl_get_persistent>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_DH_COMPUTE> (since Linux 4.7)"
+msgstr ""
+
+#.  commit ddbb41148724367394d0880c516bfaeed127b52e
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Compute a Diffie-Hellman shared secret or public key, optionally applying "
+"key derivation function (KDF) to the result."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I<arg2> argument is a pointer to a set of parameters containing serial "
+"numbers for three I<\"user\"> keys used in the Diffie-Hellman calculation, "
+"packaged in a structure of the following form:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid ""
+"struct keyctl_dh_params {\n"
+"    int32_t private; /* The local private key */\n"
+"    int32_t prime; /* The prime, known to both parties */\n"
+"    int32_t base;  /* The base integer: either a shared\n"
+"                      generator or the remote public key */\n"
+"};\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Each of the three keys specified in this structure must grant the caller "
+"I<read> permission.  The payloads of these keys are used to calculate the "
+"Diffie-Hellman result as:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "base \\[ha] private mod prime\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If the base is the shared generator, the result is the local public key.  If "
+"the base is the remote public key, the result is the shared secret."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I<arg3> argument (cast to I<char\\~*>)  points to a buffer where the "
+"result of the calculation is placed.  The size of that buffer is specified "
+"in I<arg4> (cast to I<size_t>)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The buffer must be large enough to accommodate the output data, otherwise an "
+"error is returned.  If I<arg4> is specified zero, in which case the buffer "
+"is not used and the operation returns the minimum required buffer size (i."
+"e., the length of the prime)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Diffie-Hellman computations can be performed in user space, but require a "
+"multiple-precision integer (MPI) library.  Moving the implementation into "
+"the kernel gives access to the kernel MPI implementation, and allows access "
+"to secure or acceleration hardware."
+msgstr ""
+
+#.  commit f1c316a3ab9d24df6022682422fe897492f2c0c8
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Adding support for DH computation to the B<keyctl>()  system call was "
+"considered a good fit due to the DH algorithm's use for deriving shared "
+"keys; it also allows the type of the key to determine which DH "
+"implementation (software or hardware) is appropriate."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If the I<arg5> argument is B<NULL>, then the DH result itself is returned.  "
+"Otherwise (since Linux 4.12), it is a pointer to a structure which specifies "
+"parameters of the KDF operation to be applied:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid ""
+"struct keyctl_kdf_params {\n"
+"    char *hashname;     /* Hash algorithm name */\n"
+"    char *otherinfo;    /* SP800-56A OtherInfo */\n"
+"    __u32 otherinfolen; /* Length of otherinfo data */\n"
+"    __u32 __spare[8];   /* Reserved */\n"
+"};\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I<hashname> field is a null-terminated string which specifies a hash "
+"name (available in the kernel's crypto API; the list of the hashes available "
+"is rather tricky to observe; please refer to the E<.UR https://www.kernel."
+"org\\:/doc\\:/html\\:/latest\\:/crypto\\:/architecture.html> \"Kernel Crypto "
+"API Architecture\" E<.UE> documentation for the information regarding how "
+"hash names are constructed and your kernel's source and configuration "
+"regarding what ciphers and templates with type B<CRYPTO_ALG_TYPE_SHASH> are "
+"available)  to be applied to DH result in KDF operation."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The I<otherinfo> field is an I<OtherInfo> data as described in SP800-56A "
+"section 5.8.1.2 and is algorithm-specific.  This data is concatenated with "
+"the result of DH operation and is provided as an input to the KDF "
+"operation.  Its size is provided in the I<otherinfolen> field and is limited "
+"by B<KEYCTL_KDF_MAX_OI_LEN> constant that defined in I<security/keys/"
+"internal.h> to a value of 64."
+msgstr ""
+
+#.  commit 4f9dabfaf8df971f8a3b6aa324f8f817be38d538
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The B<__spare> field is currently unused.  It was ignored until Linux 4.13 "
+"(but still should be user-addressable since it is copied to the kernel), and "
+"should contain zeros since Linux 4.13."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The KDF implementation complies with SP800-56A as well as with SP800-108 "
+"(the counter KDF)."
+msgstr ""
+
+#.  keyutils commit 742c9d7b94051d3b21f9f61a73ed6b5f3544cb82
+#.  keyutils commit d68a981e5db41d059ac782071c35d1e8f3aaf61c
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"This operation is exposed by I<libkeyutils> (from I<libkeyutils> 1.5.10 "
+"onwards) via the functions B<keyctl_dh_compute>(3)  and "
+"B<keyctl_dh_compute_alloc>(3)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_RESTRICT_KEYRING> (since Linux 4.12)"
+msgstr ""
+
+#.  commit 6563c91fd645556c7801748f15bc727c77fcd311
+#.  commit 7228b66aaf723a623e578aa4db7d083bb39546c9
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Apply a key-linking restriction to the keyring with the ID provided in "
+"I<arg2> (cast to I<key_serial_t>).  The caller must have I<setattr> "
+"permission on the key.  If I<arg3> is NULL, any attempt to add a key to the "
+"keyring is blocked; otherwise it contains a pointer to a string with a key "
+"type name and I<arg4> contains a pointer to string that describes the type-"
+"specific restriction.  As of Linux 4.12, only the type \"asymmetric\" has "
+"restrictions defined:"
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<builtin_trusted>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Allows only keys that are signed by a key linked to the built-in keyring (\"."
+"builtin_trusted_keys\")."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<builtin_and_secondary_trusted>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Allows only keys that are signed by a key linked to the secondary keyring "
+"(\".secondary_trusted_keys\") or, by extension, a key in a built-in keyring, "
+"as the latter is linked to the former."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<key_or_keyring:>I<key>"
+msgstr ""
+
+#. type: TQ
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<key_or_keyring:>I<key>B<:chain>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If I<key> specifies the ID of a key of type \"asymmetric\", then only keys "
+"that are signed by this key are allowed."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If I<key> specifies the ID of a keyring, then only keys that are signed by a "
+"key linked to this keyring are allowed."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"If \":chain\" is specified, keys that are signed by a keys linked to the "
+"destination keyring (that is, the keyring with the ID specified in the "
+"I<arg2> argument) are also allowed."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Note that a restriction can be configured only once for the specified "
+"keyring; once a restriction is set, it can't be overridden."
+msgstr ""
+
+#.  FIXME Document KEYCTL_RESTRICT_KEYRING, added in Linux 4.12
+#.      commit 6563c91fd645556c7801748f15bc727c77fcd311
+#.      Author: Mat Martineau <mathew.j.martineau@linux.intel.com>
+#.  See Documentation/security/keys.txt
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The argument I<arg5> is ignored."
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "RETURN VALUE"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "For a successful call, the return value depends on the operation:"
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_GET_KEYRING_ID>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The ID of the requested keyring."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_JOIN_SESSION_KEYRING>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The ID of the joined session keyring."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_DESCRIBE>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The size of the description (including the terminating null byte), "
+"irrespective of the provided buffer size."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_SEARCH>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The ID of the key that was found."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_READ>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The amount of data that is available in the key, irrespective of the "
+"provided buffer size."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_SET_REQKEY_KEYRING>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The ID of the previous default keyring to which implicitly requested keys "
+"were linked (one of B<KEY_REQKEY_DEFL_USER_*>)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_ASSUME_AUTHORITY>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Either 0, if the ID given was 0, or the ID of the authorization key matching "
+"the specified key, if a nonzero key ID was provided."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_GET_SECURITY>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The size of the LSM security label string (including the terminating null "
+"byte), irrespective of the provided buffer size."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_GET_PERSISTENT>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The ID of the persistent keyring."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<KEYCTL_DH_COMPUTE>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The number of bytes copied to the buffer, or, if I<arg4> is 0, the required "
+"buffer size."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "All other operations"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Zero."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "On error, -1 is returned, and I<errno> is set to indicate the error."
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "ERRORS"
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EACCES>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "The requested operation wasn't permitted."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EAGAIN>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_DH_COMPUTE> and there was an error during crypto "
+"module initialization."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EDEADLK>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_LINK> and the requested link would result in a "
+"cycle."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_RESTRICT_KEYRING> and the requested keyring "
+"restriction would result in a cycle."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EDQUOT>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The key quota for the caller's user would be exceeded by creating a key or "
+"linking it to the keyring."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EEXIST>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_RESTRICT_KEYRING> and keyring provided in I<arg2> "
+"argument already has a restriction set."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EFAULT>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_DH_COMPUTE> and one of the following has failed:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"copying of the I<struct keyctl_dh_params>, provided in the I<arg2> argument, "
+"from user space;"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"copying of the I<struct keyctl_kdf_params>, provided in the non-NULL I<arg5> "
+"argument, from user space (in case kernel supports performing KDF operation "
+"on DH operation result);"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"copying of data pointed by the I<hashname> field of the I<struct "
+"keyctl_kdf_params> from user space;"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"copying of data pointed by the I<otherinfo> field of the I<struct "
+"keyctl_kdf_params> from user space if the I<otherinfolen> field was nonzero;"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "copying of the result to user space."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EINVAL>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_SETPERM> and an invalid permission bit was "
+"specified in I<arg3>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_SEARCH> and the size of the description in I<arg4> "
+"(including the terminating null byte) exceeded 4096 bytes."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"size of the string (including the terminating null byte) specified in "
+"I<arg3> (the key type)  or I<arg4> (the key description)  exceeded the limit "
+"(32 bytes and 4096 bytes respectively)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EINVAL> (before Linux 4.12)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "I<operation> was B<KEYCTL_DH_COMPUTE>, argument I<arg5> was non-NULL."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_DH_COMPUTE> And the digest size of the hashing "
+"algorithm supplied is zero."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_DH_COMPUTE> and the buffer size provided is not "
+"enough to hold the result.  Provide 0 as a buffer size in order to obtain "
+"the minimum buffer size."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_DH_COMPUTE> and the hash name provided in the "
+"I<hashname> field of the I<struct keyctl_kdf_params> pointed by I<arg5> "
+"argument is too big (the limit is implementation-specific and varies between "
+"kernel versions, but it is deemed big enough for all valid algorithm names)."
+msgstr ""
+
+#.  commit 4f9dabfaf8df971f8a3b6aa324f8f817be38d538
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_DH_COMPUTE> and the I<__spare> field of the "
+"I<struct keyctl_kdf_params> provided in the I<arg5> argument contains "
+"nonzero values."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EKEYEXPIRED>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "An expired key was found or specified."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EKEYREJECTED>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "A rejected key was found or specified."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EKEYREVOKED>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "A revoked key was found or specified."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<ELOOP>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_LINK> and the requested link would cause the "
+"maximum nesting depth for keyrings to be exceeded."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EMSGSIZE>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_DH_COMPUTE> and the buffer length exceeds "
+"B<KEYCTL_KDF_MAX_OUTPUT_LEN> (which is 1024 currently)  or the "
+"I<otherinfolen> field of the I<struct keyctl_kdf_parms> passed in I<arg5> "
+"exceeds B<KEYCTL_KDF_MAX_OI_LEN> (which is 64 currently)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<ENFILE> (before Linux 3.13)"
+msgstr ""
+
+#.  commit b2a4df200d570b2c33a57e1ebfa5896e4bc81b69
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_LINK> and the keyring is full.  (Before Linux "
+"3.13, the available space for storing keyring links was limited to a single "
+"page of memory; since Linux 3.13, there is no fixed limit.)"
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<ENOENT>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_UNLINK> and the key to be unlinked isn't linked to "
+"the keyring."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_DH_COMPUTE> and the hashing algorithm specified in "
+"the I<hashname> field of the I<struct keyctl_kdf_params> pointed by I<arg5> "
+"argument hasn't been found."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_RESTRICT_KEYRING> and the type provided in I<arg3> "
+"argument doesn't support setting key linking restrictions."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<ENOKEY>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "No matching key was found or an invalid key was specified."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The value B<KEYCTL_GET_KEYRING_ID> was specified in I<operation>, the key "
+"specified in I<arg2> did not exist, and I<arg3> was zero (meaning don't "
+"create the key if it didn't exist)."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<ENOMEM>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"One of kernel memory allocation routines failed during the execution of the "
+"syscall."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<ENOTDIR>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"A key of keyring type was expected but the ID of a key with a different type "
+"was provided."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EOPNOTSUPP>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_READ> and the key type does not support reading (e."
+"g., the type is I<\"login\">)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_UPDATE> and the key type does not support updating."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_RESTRICT_KEYRING>, the type provided in I<arg3> "
+"argument was \"asymmetric\", and the key specified in the restriction "
+"specification provided in I<arg4> has type other than \"asymmetric\" or "
+"\"keyring\"."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<EPERM>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_GET_PERSISTENT>, I<arg2> specified a UID other "
+"than the calling thread's real or effective UID, and the caller did not have "
+"the B<CAP_SETUID> capability."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_SESSION_TO_PARENT> and either: all of the UIDs "
+"(GIDs) of the parent process do not match the effective UID (GID) of the "
+"calling process; the UID of the parent's existing session keyring or the UID "
+"of the caller's session keyring did not match the effective UID of the "
+"caller; the parent process is not single-thread; or the parent process is "
+"B<init>(1)  or a kernel thread."
+msgstr ""
+
+#. type: TP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "B<ETIMEDOUT>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"I<operation> was B<KEYCTL_DH_COMPUTE> and the initialization of crypto "
+"modules has timed out."
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "VERSIONS"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"A wrapper is provided in the I<libkeyutils> library.  (The accompanying "
+"package provides the I<E<lt>keyutils.hE<gt>> header file.)  However, rather "
+"than using this system call directly, you probably want to use the various "
+"library functions mentioned in the descriptions of individual operations "
+"above."
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "STANDARDS"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Linux."
+msgstr ""
+
+#. type: SH
+#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "HISTORY"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Linux 2.6.10."
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "EXAMPLES"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The program below provide subset of the functionality of the B<request-"
+"key>(8)  program provided by the I<keyutils> package.  For informational "
+"purposes, the program records various information in a log file."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"As described in B<request_key>(2), the B<request-key>(8)  program is invoked "
+"with command-line arguments that describe a key that is to be instantiated.  "
+"The example program fetches and logs these arguments.  The program assumes "
+"authority to instantiate the requested key, and then instantiates that key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The following shell session demonstrates the use of this program.  In the "
+"session, we compile the program and then use it to temporarily replace the "
+"standard B<request-key>(8)  program.  (Note that temporarily disabling the "
+"standard B<request-key>(8)  program may not be safe on some systems.)  While "
+"our example program is installed, we use the example program shown in "
+"B<request_key>(2)  to request a key."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid ""
+"$ B<cc -o key_instantiate key_instantiate.c -lkeyutils>\n"
+"$ B<sudo mv /sbin/request-key /sbin/request-key.backup>\n"
+"$ B<sudo cp key_instantiate /sbin/request-key>\n"
+"$ B<./t_request_key user mykey somepayloaddata>\n"
+"Key ID is 20d035bf\n"
+"$ B<sudo mv /sbin/request-key.backup /sbin/request-key>\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Looking at the log file created by this program, we can see the command-line "
+"arguments supplied to our example program:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
+#, no-wrap
+msgid ""
+"$ B<cat /tmp/key_instantiate.log>\n"
+"Time: Mon Nov  7 13:06:47 2016\n"
+"\\&\n"
+"Command line arguments:\n"
+"  argv[0]:            /sbin/request-key\n"
+"  operation:          create\n"
+"  key_to_instantiate: 20d035bf\n"
+"  UID:                1000\n"
+"  GID:                1000\n"
+"  thread_keyring:     0\n"
+"  process_keyring:    0\n"
+"  session_keyring:    256e6a6\n"
+"\\&\n"
+"Key description:      user;1000;1000;3f010000;mykey\n"
+"Auth key payload:     somepayloaddata\n"
+"Destination keyring:  256e6a6\n"
+"Auth key description: .request_key_auth;1000;1000;0b010000;20d035bf\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The last few lines of the above output show that the example program was "
+"able to fetch:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"the description of the key to be instantiated, which included the name of "
+"the key (I<mykey>);"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"the payload of the authorization key, which consisted of the data "
+"(I<somepayloaddata>)  passed to B<request_key>(2);"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"the destination keyring that was specified in the call to B<request_key>(2); "
+"and"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"the description of the authorization key, where we can see that the name of "
+"the authorization key matches the ID of the key that is to be instantiated "
+"(I<20d035bf>)."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The example program in B<request_key>(2)  specified the destination keyring "
+"as B<KEY_SPEC_SESSION_KEYRING>.  By examining the contents of I</proc/keys>, "
+"we can see that this was translated to the ID of the destination keyring "
+"(I<0256e6a6>)  shown in the log output above; we can also see the newly "
+"created key with the name I<mykey> and ID I<20d035bf>."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid ""
+"$ B<cat /proc/keys | egrep \\[aq]mykey|256e6a6\\[aq]>\n"
+"0256e6a6 I--Q---  194 perm 3f030000  1000  1000 keyring  _ses: 3\n"
+"20d035bf I--Q---    1 perm 3f010000  1000  1000 user     mykey: 16\n"
+msgstr ""
+
+#. type: SS
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "Program source"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
+#, no-wrap
+msgid ""
+"/* key_instantiate.c */\n"
+"\\&\n"
+"#include E<lt>errno.hE<gt>\n"
+"#include E<lt>keyutils.hE<gt>\n"
+"#include E<lt>stdint.hE<gt>\n"
+"#include E<lt>stdio.hE<gt>\n"
+"#include E<lt>stdlib.hE<gt>\n"
+"#include E<lt>string.hE<gt>\n"
+"#include E<lt>sys/types.hE<gt>\n"
+"#include E<lt>time.hE<gt>\n"
+"\\&\n"
+"#ifndef KEY_SPEC_REQUESTOR_KEYRING\n"
+"#define KEY_SPEC_REQUESTOR_KEYRING      (-8)\n"
+"#endif\n"
+"\\&\n"
+"int\n"
+"main(int argc, char *argv[])\n"
+"{\n"
+"    int           akp_size;       /* Size of auth_key_payload */\n"
+"    int           auth_key;\n"
+"    char          dbuf[256];\n"
+"    char          auth_key_payload[256];\n"
+"    char          *operation;\n"
+"    FILE          *fp;\n"
+"    gid_t         gid;\n"
+"    uid_t         uid;\n"
+"    time_t        t;\n"
+"    key_serial_t  key_to_instantiate, dest_keyring;\n"
+"    key_serial_t  thread_keyring, process_keyring, session_keyring;\n"
+"\\&\n"
+"    if (argc != 8) {\n"
+"        fprintf(stderr, \"Usage: %s op key uid gid thread_keyring \"\n"
+"                        \"process_keyring session_keyring\\en\", argv[0]);\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+"\\&\n"
+"    fp = fopen(\"/tmp/key_instantiate.log\", \"w\");\n"
+"    if (fp == NULL)\n"
+"        exit(EXIT_FAILURE);\n"
+"\\&\n"
+"    setbuf(fp, NULL);\n"
+"\\&\n"
+"    t = time(NULL);\n"
+"    fprintf(fp, \"Time: %s\\en\", ctime(&t));\n"
+"\\&\n"
+"    /*\n"
+"     * The kernel passes a fixed set of arguments to the program\n"
+"     * that it execs; fetch them.\n"
+"     */\n"
+"    operation = argv[1];\n"
+"    key_to_instantiate = atoi(argv[2]);\n"
+"    uid = atoi(argv[3]);\n"
+"    gid = atoi(argv[4]);\n"
+"    thread_keyring = atoi(argv[5]);\n"
+"    process_keyring = atoi(argv[6]);\n"
+"    session_keyring = atoi(argv[7]);\n"
+"\\&\n"
+"    fprintf(fp, \"Command line arguments:\\en\");\n"
+"    fprintf(fp, \"  argv[0]:            %s\\en\", argv[0]);\n"
+"    fprintf(fp, \"  operation:          %s\\en\", operation);\n"
+"    fprintf(fp, \"  key_to_instantiate: %jx\\en\",\n"
+"            (uintmax_t) key_to_instantiate);\n"
+"    fprintf(fp, \"  UID:                %jd\\en\", (intmax_t) uid);\n"
+"    fprintf(fp, \"  GID:                %jd\\en\", (intmax_t) gid);\n"
+"    fprintf(fp, \"  thread_keyring:     %jx\\en\",\n"
+"            (uintmax_t) thread_keyring);\n"
+"    fprintf(fp, \"  process_keyring:    %jx\\en\",\n"
+"            (uintmax_t) process_keyring);\n"
+"    fprintf(fp, \"  session_keyring:    %jx\\en\",\n"
+"            (uintmax_t) session_keyring);\n"
+"    fprintf(fp, \"\\en\");\n"
+"\\&\n"
+"    /*\n"
+"     * Assume the authority to instantiate the key named in argv[2].\n"
+"     */\n"
+"    if (keyctl(KEYCTL_ASSUME_AUTHORITY, key_to_instantiate) == -1) {\n"
+"        fprintf(fp, \"KEYCTL_ASSUME_AUTHORITY failed: %s\\en\",\n"
+"                strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+"\\&\n"
+"    /*\n"
+"     * Fetch the description of the key that is to be instantiated.\n"
+"     */\n"
+"    if (keyctl(KEYCTL_DESCRIBE, key_to_instantiate,\n"
+"               dbuf, sizeof(dbuf)) == -1) {\n"
+"        fprintf(fp, \"KEYCTL_DESCRIBE failed: %s\\en\", strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+"\\&\n"
+"    fprintf(fp, \"Key description:      %s\\en\", dbuf);\n"
+"\\&\n"
+"    /*\n"
+"     * Fetch the payload of the authorization key, which is\n"
+"     * actually the callout data given to request_key().\n"
+"     */\n"
+"    akp_size = keyctl(KEYCTL_READ, KEY_SPEC_REQKEY_AUTH_KEY,\n"
+"                      auth_key_payload, sizeof(auth_key_payload));\n"
+"    if (akp_size == -1) {\n"
+"        fprintf(fp, \"KEYCTL_READ failed: %s\\en\", strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+"\\&\n"
+"    auth_key_payload[akp_size] = \\[aq]\\e0\\[aq];\n"
+"    fprintf(fp, \"Auth key payload:     %s\\en\", auth_key_payload);\n"
+"\\&\n"
+"    /*\n"
+"     * For interest, get the ID of the authorization key and\n"
+"     * display it.\n"
+"     */\n"
+"    auth_key = keyctl(KEYCTL_GET_KEYRING_ID,\n"
+"                      KEY_SPEC_REQKEY_AUTH_KEY);\n"
+"    if (auth_key == -1) {\n"
+"        fprintf(fp, \"KEYCTL_GET_KEYRING_ID failed: %s\\en\",\n"
+"                strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+"\\&\n"
+"    fprintf(fp, \"Auth key ID:          %jx\\en\", (uintmax_t) auth_key);\n"
+"\\&\n"
+"    /*\n"
+"     * Fetch key ID for the request_key(2) destination keyring.\n"
+"     */\n"
+"    dest_keyring = keyctl(KEYCTL_GET_KEYRING_ID,\n"
+"                          KEY_SPEC_REQUESTOR_KEYRING);\n"
+"    if (dest_keyring == -1) {\n"
+"        fprintf(fp, \"KEYCTL_GET_KEYRING_ID failed: %s\\en\",\n"
+"                strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+"\\&\n"
+"    fprintf(fp, \"Destination keyring:  %jx\\en\", (uintmax_t) dest_keyring);\n"
+"\\&\n"
+"    /*\n"
+"     * Fetch the description of the authorization key. This\n"
+"     * allows us to see the key type, UID, GID, permissions,\n"
+"     * and description (name) of the key. Among other things,\n"
+"     * we will see that the name of the key is a hexadecimal\n"
+"     * string representing the ID of the key to be instantiated.\n"
+"     */\n"
+"    if (keyctl(KEYCTL_DESCRIBE, KEY_SPEC_REQKEY_AUTH_KEY,\n"
+"               dbuf, sizeof(dbuf)) == -1)\n"
+"    {\n"
+"        fprintf(fp, \"KEYCTL_DESCRIBE failed: %s\\en\", strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+"\\&\n"
+"    fprintf(fp, \"Auth key description: %s\\en\", dbuf);\n"
+"\\&\n"
+"    /*\n"
+"     * Instantiate the key using the callout data that was supplied\n"
+"     * in the payload of the authorization key.\n"
+"     */\n"
+"    if (keyctl(KEYCTL_INSTANTIATE, key_to_instantiate,\n"
+"               auth_key_payload, akp_size + 1, dest_keyring) == -1)\n"
+"    {\n"
+"        fprintf(fp, \"KEYCTL_INSTANTIATE failed: %s\\en\",\n"
+"                strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+"\\&\n"
+"    exit(EXIT_SUCCESS);\n"
+"}\n"
+msgstr ""
+
+#.  SRC END
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "SEE ALSO"
+msgstr ""
+
+#.      .BR find_key_by_type_and_name (3)
+#.      There is a man page, but this function seems not to exist
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"B<keyctl>(1), B<add_key>(2), B<request_key>(2), B<keyctl>(3), "
+"B<keyctl_assume_authority>(3), B<keyctl_chown>(3), B<keyctl_clear>(3), "
+"B<keyctl_describe>(3), B<keyctl_describe_alloc>(3), B<keyctl_dh_compute>(3), "
+"B<keyctl_dh_compute_alloc>(3), B<keyctl_get_keyring_ID>(3), "
+"B<keyctl_get_persistent>(3), B<keyctl_get_security>(3), "
+"B<keyctl_get_security_alloc>(3), B<keyctl_instantiate>(3), "
+"B<keyctl_instantiate_iov>(3), B<keyctl_invalidate>(3), "
+"B<keyctl_join_session_keyring>(3), B<keyctl_link>(3), B<keyctl_negate>(3), "
+"B<keyctl_read>(3), B<keyctl_read_alloc>(3), B<keyctl_reject>(3), "
+"B<keyctl_revoke>(3), B<keyctl_search>(3), B<keyctl_session_to_parent>(3), "
+"B<keyctl_set_reqkey_keyring>(3), B<keyctl_set_timeout>(3), "
+"B<keyctl_setperm>(3), B<keyctl_unlink>(3), B<keyctl_update>(3), "
+"B<recursive_key_scan>(3), B<recursive_session_key_scan>(3), "
+"B<capabilities>(7), B<credentials>(7), B<keyrings>(7), B<keyutils>(7), "
+"B<persistent-keyring>(7), B<process-keyring>(7), B<session-keyring>(7), "
+"B<thread-keyring>(7), B<user-keyring>(7), B<user_namespaces>(7), B<user-"
+"session-keyring>(7), B<request-key>(8)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The kernel source files under I<Documentation/security/keys/> (or, before "
+"Linux 4.13, in the file I<Documentation/security/keys.txt>)."
+msgstr ""
+
+#. type: TH
+#: debian-bookworm
+#, no-wrap
+msgid "2023-02-05"
+msgstr ""
+
+#. type: TH
+#: debian-bookworm
+#, no-wrap
+msgid "Linux man-pages 6.03"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"Alternatively, Linux Key Management Utilities (I<libkeyutils>, I<-"
+"lkeyutils>); see NOTES."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm debian-unstable opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The payload may be a NULL pointer and the buffer size may be 0 if this is "
+"supported by the key type (e.g., it is a keyring)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid "This system call first appeared in Linux 2.6.10."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid "This system call is a nonstandard Linux extension."
+msgstr ""
+
+#. type: SH
+#: debian-bookworm
+#, no-wrap
+msgid "NOTES"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"$ B<cat /tmp/key_instantiate.log>\n"
+"Time: Mon Nov  7 13:06:47 2016\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"Command line arguments:\n"
+"  argv[0]:            /sbin/request-key\n"
+"  operation:          create\n"
+"  key_to_instantiate: 20d035bf\n"
+"  UID:                1000\n"
+"  GID:                1000\n"
+"  thread_keyring:     0\n"
+"  process_keyring:    0\n"
+"  session_keyring:    256e6a6\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"Key description:      user;1000;1000;3f010000;mykey\n"
+"Auth key payload:     somepayloaddata\n"
+"Destination keyring:  256e6a6\n"
+"Auth key description: .request_key_auth;1000;1000;0b010000;20d035bf\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "/* key_instantiate.c */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"#include E<lt>errno.hE<gt>\n"
+"#include E<lt>keyutils.hE<gt>\n"
+"#include E<lt>stdint.hE<gt>\n"
+"#include E<lt>stdio.hE<gt>\n"
+"#include E<lt>stdlib.hE<gt>\n"
+"#include E<lt>string.hE<gt>\n"
+"#include E<lt>sys/types.hE<gt>\n"
+"#include E<lt>time.hE<gt>\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"#ifndef KEY_SPEC_REQUESTOR_KEYRING\n"
+"#define KEY_SPEC_REQUESTOR_KEYRING      (-8)\n"
+"#endif\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"int\n"
+"main(int argc, char *argv[])\n"
+"{\n"
+"    int           akp_size;       /* Size of auth_key_payload */\n"
+"    int           auth_key;\n"
+"    char          dbuf[256];\n"
+"    char          auth_key_payload[256];\n"
+"    char          *operation;\n"
+"    FILE          *fp;\n"
+"    gid_t         gid;\n"
+"    uid_t         uid;\n"
+"    time_t        t;\n"
+"    key_serial_t  key_to_instantiate, dest_keyring;\n"
+"    key_serial_t  thread_keyring, process_keyring, session_keyring;\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    if (argc != 8) {\n"
+"        fprintf(stderr, \"Usage: %s op key uid gid thread_keyring \"\n"
+"                        \"process_keyring session_keyring\\en\", argv[0]);\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    fp = fopen(\"/tmp/key_instantiate.log\", \"w\");\n"
+"    if (fp == NULL)\n"
+"        exit(EXIT_FAILURE);\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "    setbuf(fp, NULL);\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    t = time(NULL);\n"
+"    fprintf(fp, \"Time: %s\\en\", ctime(&t));\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    /*\n"
+"     * The kernel passes a fixed set of arguments to the program\n"
+"     * that it execs; fetch them.\n"
+"     */\n"
+"    operation = argv[1];\n"
+"    key_to_instantiate = atoi(argv[2]);\n"
+"    uid = atoi(argv[3]);\n"
+"    gid = atoi(argv[4]);\n"
+"    thread_keyring = atoi(argv[5]);\n"
+"    process_keyring = atoi(argv[6]);\n"
+"    session_keyring = atoi(argv[7]);\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    fprintf(fp, \"Command line arguments:\\en\");\n"
+"    fprintf(fp, \"  argv[0]:            %s\\en\", argv[0]);\n"
+"    fprintf(fp, \"  operation:          %s\\en\", operation);\n"
+"    fprintf(fp, \"  key_to_instantiate: %jx\\en\",\n"
+"            (uintmax_t) key_to_instantiate);\n"
+"    fprintf(fp, \"  UID:                %jd\\en\", (intmax_t) uid);\n"
+"    fprintf(fp, \"  GID:                %jd\\en\", (intmax_t) gid);\n"
+"    fprintf(fp, \"  thread_keyring:     %jx\\en\",\n"
+"            (uintmax_t) thread_keyring);\n"
+"    fprintf(fp, \"  process_keyring:    %jx\\en\",\n"
+"            (uintmax_t) process_keyring);\n"
+"    fprintf(fp, \"  session_keyring:    %jx\\en\",\n"
+"            (uintmax_t) session_keyring);\n"
+"    fprintf(fp, \"\\en\");\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    /*\n"
+"     * Assume the authority to instantiate the key named in argv[2].\n"
+"     */\n"
+"    if (keyctl(KEYCTL_ASSUME_AUTHORITY, key_to_instantiate) == -1) {\n"
+"        fprintf(fp, \"KEYCTL_ASSUME_AUTHORITY failed: %s\\en\",\n"
+"                strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    /*\n"
+"     * Fetch the description of the key that is to be instantiated.\n"
+"     */\n"
+"    if (keyctl(KEYCTL_DESCRIBE, key_to_instantiate,\n"
+"               dbuf, sizeof(dbuf)) == -1) {\n"
+"        fprintf(fp, \"KEYCTL_DESCRIBE failed: %s\\en\", strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "    fprintf(fp, \"Key description:      %s\\en\", dbuf);\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    /*\n"
+"     * Fetch the payload of the authorization key, which is\n"
+"     * actually the callout data given to request_key().\n"
+"     */\n"
+"    akp_size = keyctl(KEYCTL_READ, KEY_SPEC_REQKEY_AUTH_KEY,\n"
+"                      auth_key_payload, sizeof(auth_key_payload));\n"
+"    if (akp_size == -1) {\n"
+"        fprintf(fp, \"KEYCTL_READ failed: %s\\en\", strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    auth_key_payload[akp_size] = \\[aq]\\e0\\[aq];\n"
+"    fprintf(fp, \"Auth key payload:     %s\\en\", auth_key_payload);\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    /*\n"
+"     * For interest, get the ID of the authorization key and\n"
+"     * display it.\n"
+"     */\n"
+"    auth_key = keyctl(KEYCTL_GET_KEYRING_ID,\n"
+"                      KEY_SPEC_REQKEY_AUTH_KEY);\n"
+"    if (auth_key == -1) {\n"
+"        fprintf(fp, \"KEYCTL_GET_KEYRING_ID failed: %s\\en\",\n"
+"                strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "    fprintf(fp, \"Auth key ID:          %jx\\en\", (uintmax_t) auth_key);\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    /*\n"
+"     * Fetch key ID for the request_key(2) destination keyring.\n"
+"     */\n"
+"    dest_keyring = keyctl(KEYCTL_GET_KEYRING_ID,\n"
+"                          KEY_SPEC_REQUESTOR_KEYRING);\n"
+"    if (dest_keyring == -1) {\n"
+"        fprintf(fp, \"KEYCTL_GET_KEYRING_ID failed: %s\\en\",\n"
+"                strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "    fprintf(fp, \"Destination keyring:  %jx\\en\", (uintmax_t) dest_keyring);\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    /*\n"
+"     * Fetch the description of the authorization key. This\n"
+"     * allows us to see the key type, UID, GID, permissions,\n"
+"     * and description (name) of the key. Among other things,\n"
+"     * we will see that the name of the key is a hexadecimal\n"
+"     * string representing the ID of the key to be instantiated.\n"
+"     */\n"
+"    if (keyctl(KEYCTL_DESCRIBE, KEY_SPEC_REQKEY_AUTH_KEY,\n"
+"               dbuf, sizeof(dbuf)) == -1)\n"
+"    {\n"
+"        fprintf(fp, \"KEYCTL_DESCRIBE failed: %s\\en\", strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "    fprintf(fp, \"Auth key description: %s\\en\", dbuf);\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    /*\n"
+"     * Instantiate the key using the callout data that was supplied\n"
+"     * in the payload of the authorization key.\n"
+"     */\n"
+"    if (keyctl(KEYCTL_INSTANTIATE, key_to_instantiate,\n"
+"               auth_key_payload, akp_size + 1, dest_keyring) == -1)\n"
+"    {\n"
+"        fprintf(fp, \"KEYCTL_INSTANTIATE failed: %s\\en\",\n"
+"                strerror(errno));\n"
+"        exit(EXIT_FAILURE);\n"
+"    }\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"    exit(EXIT_SUCCESS);\n"
+"}\n"
+msgstr ""
+
+#. type: TH
+#: debian-unstable opensuse-tumbleweed
+#, no-wrap
+msgid "2023-05-03"
+msgstr ""
+
+#. type: TH
+#: debian-unstable opensuse-tumbleweed
+#, no-wrap
+msgid "Linux man-pages 6.05.01"
+msgstr ""
+
+#. type: TH
+#: opensuse-leap-15-6
+#, no-wrap
+msgid "2023-03-30"
+msgstr ""
+
+#. type: TH
+#: opensuse-leap-15-6
+#, no-wrap
+msgid "Linux man-pages 6.04"
+msgstr ""