[apparmor] Prevent process from changing its process group id (`setpgid`)
Seth Arnold
seth.arnold at gmail.com
Thu Sep 20 05:28:43 UTC 2012
Without looking at the kernel code this seems unlikely; a more likely approach to recognizing all children and grandchildren of a task is probably going to be through cgroups. Check the kernel source Documentation/ directory for details on cgroups.
I hope this helps,
Thanks
-----Original Message-----
From: Jeroen Ooms <jeroen.ooms at stat.ucla.edu>
Sender: apparmor-bounces at lists.ubuntu.com
Date: Wed, 19 Sep 2012 22:18:36
To: <apparmor at lists.ubuntu.com>
Subject: [apparmor] Prevent process from changing its process group id
(`setpgid`)
Is there any way in Linux/AppArmor to prevent a process from modifying
its process group ID (i.e. by calling setpgid)? I need to do so
because I am creating a sandbox, and I want to be able to kill a
process and all of its children after n seconds. I am identifying the
children from the process group id, so I need to make sure this value
cannot be changed.
There is something called CAP_SETGID but I think this refers to the
process' user-group id, i.e. what is set by setgid which is something
different from setpgid.
--
AppArmor mailing list
AppArmor at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
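
The situation discussed in this thread, as an added example that is not part of the original messages: an unprivileged child calls `setpgid(0, 0)` and leaves the supervisor's process group, so a group-wide signal no longer reaches it, while the cgroup membership the kernel reports in `/proc/<pid>/cgroup` is unchanged. The function names are hypothetical, and the sketch assumes a Linux `/proc`; it does not create a dedicated cgroup for the sandbox, which a real supervisor would do before starting the child.

```python
import os

def read_cgroup(pid="self"):
    """Return the cgroup membership text for pid, or "" if /proc does not expose it."""
    try:
        with open(f"/proc/{pid}/cgroup") as f:
            return f.read()
    except OSError:
        return ""

def observe_child_after_setpgid():
    """Fork a child that calls setpgid(0, 0) and report what the supervisor still sees."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        # Child: stands in for the sandboxed process.
        os.close(r)
        os.setpgid(0, 0)  # becomes leader of a new process group; no privilege needed
        os.write(w, f"{os.getpgid(0)}\n{read_cgroup()}".encode())
        os._exit(0)
    # Parent: the supervisor that wanted to track children by process group id.
    os.close(w)
    with os.fdopen(r) as f:
        child_pgid, _, child_cgroup = f.read().partition("\n")
    os.waitpid(pid, 0)
    return {
        "child_pid": pid,
        "parent_pgid": os.getpgid(0),
        "child_pgid": int(child_pgid),
        # True when the child is still in the same cgroup as the supervisor
        "same_cgroup": child_cgroup == read_cgroup(),
    }

if __name__ == "__main__":
    seen = observe_child_after_setpgid()
    print("child left the supervisor's process group:",
          seen["child_pgid"] != seen["parent_pgid"])
    print("child is still in the supervisor's cgroup:", seen["same_cgroup"])
```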