Full Discussion: Sandboxing
Post 302965410 by jgt on Thursday 28th of January 2016 01:55:04 PM
Typically when setting up a user with a restricted shell, the user's profile sets the PATH variable to $HOME/bin.
The administrator then creates soft links in $HOME/bin to any programs the user is allowed to execute.
 
FORK(2)                     BSD System Calls Manual                    FORK(2)

NAME
     fork -- create a new process

LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <unistd.h>

     pid_t fork(void);

DESCRIPTION
     fork() causes creation of a new process. The new process (child process)
     is an exact copy of the calling process (parent process) except for the
     following:

     o   The child process has a unique process ID.

     o   The child process has a different parent process ID (i.e., the
         process ID of the parent process).

     o   The child process has its own copy of the parent's descriptors.
         These descriptors reference the same underlying objects, so that,
         for instance, file pointers in file objects are shared between the
         child and the parent, so that an lseek(2) on a descriptor in the
         child process can affect a subsequent read(2) or write(2) by the
         parent. This descriptor copying is also used by the shell to
         establish standard input and output for newly created processes as
         well as to set up pipes.

     o   The child process' resource utilizations are set to 0; see
         setrlimit(2).

     In general, the child process should call _exit(2) rather than exit(3).
     Otherwise, any stdio buffers that exist both in the parent and child
     will be flushed twice. Similarly, _exit(2) should be used to prevent
     atexit(3) routines from being called twice (once in the parent and once
     in the child).

     In case of a threaded program, only the thread calling fork() is still
     running in the child processes. Child processes of a threaded program
     have additional restrictions, a child must only call functions that are
     async-signal-safe. Very few functions are asynchronously safe and
     applications should make sure they call exec(3) as soon as possible.

RETURN VALUES
     Upon successful completion, fork() returns a value of 0 to the child
     process and returns the process ID of the child process to the parent
     process. Otherwise, a value of -1 is returned to the parent process, no
     child process is created, and the global variable errno is set to
     indicate the error.

ERRORS
     fork() will fail and no child process will be created if:

     [EAGAIN]   The system-imposed limit on the total number of processes
                under execution would be exceeded. This limit is
                configuration-dependent.

     [EAGAIN]   The limit RLIMIT_NPROC on the total number of processes under
                execution by this user id would be exceeded.

     [ENOMEM]   There is insufficient swap space for the new process.

SEE ALSO
     execve(2), setrlimit(2), vfork(2), wait(2), pthread_atfork(3)

STANDARDS
     The fork() function conforms to ISO/IEC 9945-1:1990 (``POSIX.1'').

HISTORY
     A fork() system call appeared in Version 6 AT&T UNIX.

BSD                              June 10, 2004                             BSD