OT: setrlimit equivalent to prevent unlink or truncate
dillon at apollo.backplane.com
Fri May 30 15:06:05 PDT 2008
:> if it works, mounting the FS readonly should work..
:> also, chflags might be helpful..
:> or is this a coding question about coding the program that calls
:> setrlimit() ?
:Yes, the latter. In a program I want to exec another binary with
I've thought about this problem off and on for ages, looking at
FreeBSD's extattr stuff and OpenBSD's syscall filters. Frankly,
I don't like either solution. The filesystem-based solution looks
almost impossible to manage and the syscall filter mechanic alone
is like a big stick with no fine control.
What I would to implement (or see implemented) is an inherited
capability and audit control list which specifies restrictions on
filesystem, network, and syscall access. The capabilities can only
become more restrictive as they pass down the inheritance chain and
there would also be a capability to govern the inheritance itself
(separate capabilities for fork, exec, and uid/gid changes).
<dillon at backplane.com>
More information about the Users