How to restrict child thread or a child process to restrict from forking in C

Question

In C language,I have a child thread(using pthreads), Is there any way to restrict this child, so that we can't call fork inside this thread?

If we write fork inside, program should not compile.

I can also have a child process instead of child thread, as long as it cannot fork further.

Basically how can I have a child process or child thread, which cannot fork a process any further.

Answer 1

You can always try to play games with pthread_atfork: http://pubs.opengroup.org/onlinepubs/009695399/functions/pthread_atfork.html

Basically, you can use pthread_atfork() to install a "child" callback which always calls exit(). This way, your threads may still fork, but the forked process will exit immediately, so no harm will be done (and only a minimal overhead incurred).

With processes it may be somewhat more complicated. Linux allows you to limit a number of processes per user (so called RLIMIT_NPROC when set with setrlimit()). When this limit is reached, no further forks are possible for a given user id. Thus, you can create a parent process with a CAP_SETUID capability and a dummy user, having the RLIMIT_NPROC set to 1. This way, you can fork from parent, change the child uid to that of the "limited" user you've created in advance and drop the CAP_SETUID capability. At this point, child will have no possible way to fork itself.