Changes


B2G/Architecture/System Security

285 bytes added, 01:12, 4 November 2012
rlimit
rlimit() is a system call that can be used to deny file and process creation. Like chroot(), it can only be relied on as long as no privileged user (such as root) is running any process that is being rlimit'ed, since a privileged process can raise the limits again.
* Relatively easy to implement, well supported by various operating systems
** RLIMIT_FSIZE = 0 requires that no file is written to (within the process) - this already works
** RLIMIT_NOFILE = 0 requires that no new file descriptor is opened (within the process)
** RLIMIT_NPROC = 0 requires that no new thread or process is created (within the process)
* Does not require kernel modifications
* Used as fall-back sand-box in other programs, such as OpenSSH
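An added example (not from the B2G wiki page): a C program, assuming Linux, an unprivileged user and a writable /tmp, that applies the three limits above through setrlimit(2) inside a forked child and reports which of write, open and fork still succeed; rlimit_sandbox_expected() encodes the caveat above that root is not subject to RLIMIT_NPROC. The function names and bit flags are my own, not from the page.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Flags reported by the probe: which operations the sandboxed child could still perform. */
enum { CAN_WRITE = 1, CAN_OPEN = 2, CAN_CREATE = 4, CAN_FORK = 8 };

/* Lower soft and hard limit of one resource to zero; an unprivileged process cannot raise it again. */
static int deny(int resource) {
    struct rlimit zero = { .rlim_cur = 0, .rlim_max = 0 };
    return setrlimit(resource, &zero);
}

/* Runs inside the forked child: apply the three limits from the page, then try each denied operation. */
static int probe_in_sandbox(void) {
    int ok = 0;
    char path[] = "/tmp/rlimit-demo-XXXXXX";   /* constructed scratch path; mkstemp makes it unique */
    signal(SIGXFSZ, SIG_IGN);   /* so write() past RLIMIT_FSIZE fails with EFBIG instead of killing us */
    int fd = mkstemp(path);     /* opened BEFORE the limits: already-open descriptors remain usable */
    if (fd < 0) return -1;
    unlink(path);
    if (deny(RLIMIT_FSIZE) || deny(RLIMIT_NOFILE) || deny(RLIMIT_NPROC)) return -1;
    if (write(fd, "x", 1) == 1) ok |= CAN_WRITE;                          /* RLIMIT_FSIZE  -> EFBIG  */
    if (open("/dev/null", O_RDONLY) >= 0) ok |= CAN_OPEN;                  /* RLIMIT_NOFILE -> EMFILE */
    /* File creation is stopped by RLIMIT_NOFILE too: the descriptor is allocated before the file. */
    if (open("/tmp/rlimit-demo-new", O_CREAT | O_WRONLY, 0600) >= 0) { ok |= CAN_CREATE; unlink("/tmp/rlimit-demo-new"); }
    pid_t p = fork();                                                      /* RLIMIT_NPROC  -> EAGAIN */
    if (p == 0) _exit(0);
    if (p > 0) { ok |= CAN_FORK; waitpid(p, NULL, 0); }
    return ok;
}

/* Fork, sandbox the child and return its flags: 0 means everything was denied, -1 means setup failed. */
int rlimit_sandbox_probe(void) {
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) { int r = probe_in_sandbox(); _exit(r < 0 ? 255 : r); }
    int status;
    if (waitpid(child, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

/* The page's caveat in code: the kernel does not enforce RLIMIT_NPROC on root, so root can still fork. */
int rlimit_sandbox_expected(void) {
    return (getuid() == 0 || geteuid() == 0) ? CAN_FORK : 0;
}
```

The limits are applied only in the child, so the calling process keeps its own resource limits and can repeat the probe.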
