You can always try to play games with pthread_atfork
: http://pubs.opengroup.org/onlinepubs/009695399/functions/pthread_atfork.html
Basically, you can use pthread_atfork()
to install a "child" callback which always calls exit()
. This way, your threads may still fork, but the forked process will exit immediately, so no harm will be done (and only a minimal overhead incurred).
With processes it may be somewhat more complicated. Linux allows you to limit a number of processes per user (so called RLIMIT_NPROC when set with setrlimit()
). When this limit is reached, no further forks are possible for a given user id. Thus, you can create a parent process with a CAP_SETUID
capability and a dummy user, having the RLIMIT_NPROC
set to 1. This way, you can fork from parent, change the child uid to that of the "limited" user you've created in advance and drop the CAP_SETUID
capability. At this point, child will have no possible way to fork itself.