[apparmor] Prevent process from changing its process group id (`setpgid`)

Jeroen Ooms jeroen.ooms at stat.ucla.edu
Thu Sep 20 05:18:36 UTC 2012


Is there any way in Linux/AppArmor to prevent a process from modifying
its process group ID (i.e. by calling setpgid)? I need to do so
because I am creating a sandbox, and I want to be able to kill a
process and all of its children after n seconds. I am identifying the
children from the process group id, so I need to make sure this value
cannot be changed.

There is something called CAP_SETGID but I think this refers to the
process' user-group id, i.e. what is set by setgid which is something
different from setpgid.
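
The concern raised in the message, shown as an added example that is not part of the original post: a supervisor kills a sandboxed process by process group, and a descendant that has called `setpgid` is not reached by that kill. The function name `run_and_kill_group`, its parameters and the pipe-based liveness check are assumptions made for this illustration.

```python
import os
import select
import signal


def run_and_kill_group(child_escapes: bool, grace: float = 0.5) -> bool:
    """Kill a sandboxed process by process group; return True if a
    descendant outlived the kill (illustrative helper, Linux/POSIX only)."""
    r, w = os.pipe()
    child = os.fork()
    if child == 0:                          # the sandboxed process
        try:
            os.close(r)
            os.setpgid(0, 0)                # supervisor's tracked group (pgid == pid)
            if os.fork() == 0:              # a descendant of the sandboxed process
                if child_escapes:
                    os.setpgid(0, 0)        # moves itself into a new process group
                os.write(w, str(os.getpid()).encode())
            signal.pause()                  # both processes idle until signalled
        finally:
            os._exit(0)
    os.close(w)
    # Block until the descendant reports its PID, so group setup is complete.
    descendant = int(os.read(r, 32).decode())
    os.killpg(child, signal.SIGKILL)        # the "kill after n seconds" step
    os.waitpid(child, 0)
    # The pipe reaches EOF only when every holder of the write end has died,
    # so a timeout here means some descendant survived the group kill.
    survived = not select.select([r], [], [], grace)[0]
    if survived:
        os.kill(descendant, signal.SIGKILL)  # clean up the leftover process
    os.close(r)
    return survived


if __name__ == "__main__":
    print("descendant stays in group, survives kill:", run_and_kill_group(False))
    print("descendant calls setpgid, survives kill: ", run_and_kill_group(True))
```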