OT: setrlimit equivalent to prevent unlink or truncate
Matthew Dillon
dillon at apollo.backplane.com
Fri May 30 15:06:05 PDT 2008
:> if it works, mounting the FS readonly should work..
:>
:> also, chflags might be helpful..
:>
:> or is this a coding question about coding the program that calls
:> setrlimit() ?
:>
:
:Yes, the latter. In a program I want to exec another binary with
:limited privileges.

I've thought about this problem off and on for ages, looking at
FreeBSD's extattr stuff and OpenBSD's syscall filters. Frankly,
I don't like either solution. The filesystem-based solution looks
almost impossible to manage and the syscall filter mechanic alone
is like a big stick with no fine control.

What I would like to implement (or see implemented) is an inherited
capability and audit control list which specifies restrictions on
filesystem, network, and syscall access. The capabilities can only
become more restrictive as they pass down the inheritance chain and
there would also be a capability to govern the inheritance itself
(separate capabilities for fork, exec, and uid/gid changes).

-Matt
Matthew Dillon
<dillon at backplane.com>
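The inherited capability and audit list Matt sketches above exists only as a design idea in this thread. What follows is an added C model of that idea, written for this page; it is not code from DragonFly, FreeBSD or any other system, and every name in it (capset, CAP_FS_UNLINK, capset_restrict, capset_fork, capset_exec, capset_check, run_restricted_helper) is constructed for the illustration. It shows the two properties the post asks for, using the original poster's case of a helper that must not unlink or truncate: the set can only shrink as it passes down fork and exec, and fork, exec and uid/gid changes are themselves gated by their own capability bits, with denied attempts counted for audit.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed capability bits for this model; not any kernel's real flags. */
enum {
    CAP_FS_UNLINK   = 1u << 0,   /* remove directory entries           */
    CAP_FS_TRUNCATE = 1u << 1,   /* truncate / shrink files             */
    CAP_FS_WRITE    = 1u << 2,   /* write to existing files             */
    CAP_NET_CONNECT = 1u << 3,   /* outbound connections                */
    CAP_NET_LISTEN  = 1u << 4,   /* accept inbound connections          */
    CAP_SYS_FORK    = 1u << 5,   /* governs inheritance: may fork       */
    CAP_SYS_EXEC    = 1u << 6,   /* governs inheritance: may exec       */
    CAP_SYS_SETID   = 1u << 7,   /* governs inheritance: may change ids */
    CAP_ALL_BITS    = (1u << 8) - 1
};

struct capset {
    uint32_t allowed;   /* operations this process may still perform */
    uint32_t audit;     /* operations whose attempts are always logged */
    unsigned denials;   /* denied attempts recorded so far            */
};

/* Narrow the set. Bits may only be dropped; asking for a bit the set
 * lacks is refused outright, which is what keeps the chain monotonic. */
int capset_restrict(struct capset *cs, uint32_t keep)
{
    if (keep & ~cs->allowed)
        return -1;
    cs->allowed &= keep;
    return 0;
}

/* Inheritance across fork: the child is an exact copy, and the right to
 * fork at all is a capability the parent may have had taken away. */
int capset_fork(const struct capset *parent, struct capset *child)
{
    if (!(parent->allowed & CAP_SYS_FORK))
        return -1;
    *child = *parent;
    child->denials = 0;
    return 0;
}

/* Inheritance across exec: gated by CAP_SYS_EXEC; the new image may be
 * handed a narrower set but never a wider one. */
int capset_exec(struct capset *cs, uint32_t keep)
{
    if (!(cs->allowed & CAP_SYS_EXEC))
        return -1;
    return capset_restrict(cs, keep);
}

/* Access check with audit: denials are counted, and audited operations
 * are logged whether they succeed or not. */
int capset_check(struct capset *cs, uint32_t op, const char *what)
{
    int ok = (cs->allowed & op) == op;
    if (!ok)
        cs->denials++;
    if (!ok || (cs->audit & op))
        fprintf(stderr, "audit: %s %s\n", ok ? "allowed" : "denied", what);
    return ok;
}

/* The thread's scenario: a launcher execs a helper that must not unlink
 * or truncate. Returns the helper's final state for inspection. */
struct capset run_restricted_helper(void)
{
    struct capset launcher = { CAP_ALL_BITS, CAP_FS_UNLINK | CAP_FS_TRUNCATE, 0 };
    struct capset helper;

    if (capset_fork(&launcher, &helper) != 0)
        return launcher;
    /* Drop unlink, truncate and id changes before exec; the helper keeps
     * write and network access. */
    capset_exec(&helper, CAP_ALL_BITS & ~(CAP_FS_UNLINK | CAP_FS_TRUNCATE | CAP_SYS_SETID));

    /* The helper cannot claw anything back... */
    if (capset_restrict(&helper, CAP_ALL_BITS) == 0)
        fprintf(stderr, "BUG: helper regained capabilities\n");
    /* ...and each forbidden operation is denied and audited. */
    capset_check(&helper, CAP_FS_UNLINK, "unlink(2)");
    capset_check(&helper, CAP_FS_TRUNCATE, "truncate(2)");
    capset_check(&helper, CAP_FS_WRITE, "write(2)");
    return helper;
}

/* A process whose fork right was removed cannot create children at all. */
int fork_without_cap_fails(void)
{
    struct capset parent = { CAP_ALL_BITS & ~CAP_SYS_FORK, 0, 0 }, child;
    return capset_fork(&parent, &child) == -1;
}

int main(void)
{
    struct capset h = run_restricted_helper();
    printf("helper caps=0x%02x denials=%u\n", (unsigned)h.allowed, h.denials);
    return 0;
}
```

The model keeps the audit list alongside the allowed set because the post names both: a denied unlink shows up in the log even though the helper never had the right, which is what lets an operator see a sandboxed program probing its limits rather than merely failing.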