python - Using Linux kernel add_key and keyctl syscalls with group keyring -

i'm building application needs use linux group keyring share sensitive data between processes different owners. whenever try access group keyring (e.g."@g" or "-6") using either keyctl command or underlying api, error.

i'm guessing have set kind of state let know of groups keyring for, documentation on kernel feature sparse. know how make work groups?

the method call (currently using python's ctypes, directly call shared library functions, works fine other keyrings):

>>> import ctypes >>> keyutils = ctypes.cdll('libkeyutils.so.1') >>> key_id = 'foo' >>> key_value = 'bar' >>> keyutils.add_key('user', key_id, key_value, len(key_value), -5) 268186515 >>> keyutils.add_key('user', key_id, key_value, len(key_value), -6) -1 

based on looking @ man page keyctl seem group based keyrings aren't implemented in kernel yet.

(*) group specific keyring: @g or -6     place holder group specific keyring, not implemented yet in kernel. 

taking @ recent stable kernel source backs man page says: http://lxr.linux.no/#linux+v3.2.9/security/keys/process_keys.c#l641

so code correct... it's attempting use functionality isn't there yet.