Chris Turner <[EMAIL PROTECTED]> wrote: > Johannes Hofmann wrote: >> Hi, >> >> I'm wondering whether there is a way to prevent a process to modify >> the file system. setrlimit(RLIMIT_FSIZE) to 0 almost does the trick, >> but unfortunately it does not prevent unlink() or truncate(). >> Is there any reason why there is no limit to prevent unlink or >> truncate? >> > > if it works, mounting the FS readonly should work.. > > also, chflags might be helpful.. > > or is this a coding question about coding the program that calls > setrlimit() ? >
Yes, the latter. In a program I want to exec another binary with limited privileges.