prctl

prctl is a Linux system call used to control certain attributes of a process at runtime. It provides a mechanism for querying or configuring various per-process properties and is commonly used by daemons, containers, and security-sensitive programs. The interface is exposed in C as int prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) and is declared in sys/prctl.h. A successful call returns 0; on error, -1 is returned with errno set.

Typical uses of prctl include setting or getting the process name, constraining privileges, and enabling security features. Common options are PR_SET_NAME and PR_GET_NAME for the thread name (stored in the kernel’s task structure and typically limited to 16 bytes). PR_SET_PDEATHSIG allows a process to receive a specified signal if its parent dies. PR_SET_NO_NEW_PRIVS prevents a program from gaining new privileges via execve. PR_SET_SECCOMP enables seccomp filtering, and PR_SET_DUMPABLE controls whether the process can produce core dumps or be debugged. Other options control capability retention (PR_SET_KEEPCAPS), ptrace permissions (PR_SET_PTRACER), and process hierarchy behavior (PR_SET_CHILD_SUBREAPER).

Notes on usage and scope are important. prctl affects the calling thread or the process depending on the option; many options require appropriate privileges (for example, CAP_SYS_ADMIN). The interface is Linux-specific and not portable to other kernels. In practice, prctl is a key tool for configuring runtime behavior, enforcing security boundaries, and integrating with container runtimes and system daemons.
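
The following C program is an added example, not code from the original page: it applies several of the options described above to the calling process and then reads the state back from the kernel to confirm it took effect. The function names harden_self, is_hardened and get_thread_name and the sample name "constructed-worker-name" are assumptions made for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Hypothetical helper: apply the hardening options discussed above to the
 * caller. Returns 0 on success, -1 on the first failure (errno is set). */
int harden_self(const char *name)
{
    /* Thread name: at most 16 bytes including the NUL; longer is truncated. */
    if (prctl(PR_SET_NAME, (unsigned long)name, 0, 0, 0) == -1) return -1;
    /* Deliver SIGTERM to us when the parent dies, so we do not run orphaned. */
    if (prctl(PR_SET_PDEATHSIG, (unsigned long)SIGTERM, 0, 0, 0) == -1) return -1;
    /* One-way switch: execve can no longer grant privileges (setuid bits,
     * file capabilities). The setting is inherited across fork and execve. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) return -1;
    /* No core dumps; also blocks ptrace attach by unprivileged processes. */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1) return -1;
    return 0;
}

/* Read the state back from the kernel instead of trusting the set calls.
 * Returns 1 if all three settings are in effect, 0 if not, -1 on error. */
int is_hardened(void)
{
    int sig = 0;
    /* These two GET options report the current value as the return value. */
    int nnp = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
    int dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (nnp == -1 || dumpable == -1 ||
        prctl(PR_GET_PDEATHSIG, (unsigned long)&sig, 0, 0, 0) == -1)
        return -1;
    return nnp == 1 && dumpable == 0 && sig == SIGTERM;
}

/* Copy the current thread name into out (16 bytes). Returns 0 or -1. */
int get_thread_name(char out[16])
{
    return prctl(PR_GET_NAME, (unsigned long)out, 0, 0, 0);
}

int main(void)
{
    char name[16] = "";
    int rc = harden_self("constructed-worker-name"); /* constructed sample */
    get_thread_name(name);
    printf("rc=%d name=%s hardened=%d\n", rc, name, is_hardened());
    return rc == 0 ? 0 : 1;
}
```

PR_SET_PDEATHSIG only covers a parent that dies after the call, so a process that must not outlive its parent should also compare getppid() against the expected parent PID right after setting it.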