This file is indexed.

/etc/request-key.conf is in keyutils 1.5.6-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
###############################################################################
#
# Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
# Written by David Howells (dhowells@redhat.com)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version
# 2 of the License, or (at your option) any later version.
#
###############################################################################


###############################################################################
#
# We can run programs or scripts
# - Macro substitutions in arguments:
#	%%...	%...
#	%o	operation name
#	%k	ID of key being operated upon
#	%t	type of key being operated upon
#	%d	description of key being operated upon
#	%c	callout info
#	%u	UID of requestor
#	%g	GID of requestor
#	%T	thread keyring of requestor (may be 0)
#	%P	process keyring of requestor (may be 0)
#	%S	session keyring of requestor (may be the user's default session)
#
################################################################################

#OP	TYPE	DESCRIPTION	CALLOUT INFO	PROGRAM ARG1 ARG2 ARG3 ...
#======	=======	===============	===============	===============================
create  dns_resolver *		*               /sbin/key.dns_resolver %k
create	user	debug:*		negate		/bin/keyctl negate %k 30 %S
create  user    debug:*         rejected        /bin/keyctl reject %k 30 %c %S
create  user    debug:*         expired         /bin/keyctl reject %k 30 %c %S
create  user    debug:*         revoked         /bin/keyctl reject %k 30 %c %S
create	user	debug:loop:*	*		|/bin/cat
create	user	debug:*		*		/usr/share/keyutils/request-key-debug.sh %k %d %c %S
create	cifs.spnego	*	*		/usr/sbin/cifs.upcall -c %k
create	dns_resolver	*	*		/usr/sbin/cifs.upcall %k
negate	*	*		*		/bin/keyctl negate %k 30 %S