* Using chpst to block setpgrp?
@ 2005-05-12 15:27 Ian Stokes-Rees
0 siblings, 0 replies; only message in thread
From: Ian Stokes-Rees @ 2005-05-12 15:27 UTC (permalink / raw)
Hi,
I am pretty sure the answer to this question is "no way", but is there
any mechanism that can be used to block "setpgrp"? I can't see that
there is. Basically we are using runit to start arbitrary user
"processes" but we want to keep track of them. If they "daemonize" or
change their process group they can get away from us. The (quasi)
inverse of "chpst -P" would be nice.
This is all for a batch scheduler -- people can circumvent the system
through daemons and process groups so that their processes keep
executing beyond their allocated time either to get a bigger slice or
for more malicious reasons such as to snoop on the subsequent jobs which
run.
I suppose in any case there is nothing to stop a user from doing a
regular "fork and kill" which would immediately invalidate the PPID, but
I am less clear on what would happen to the PGID in this case.
We would like to have PGID fixed for all processes started by a single
user process so that we can "corral" them and then kill them all when
the original process exits/dies or the alotted time expires.
Cheers,
Ian
--
Ian Stokes-Rees i.stokes-rees@physics.ox.ac.uk
Particle Physics, Oxford http://www-pnp.physics.ox.ac.uk/~stokes
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2005-05-12 15:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-05-12 15:27 Using chpst to block setpgrp? Ian Stokes-Rees
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).