1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
.\" Copyright, the authors of the Linux man-pages project
.\"
.\" SPDX-License-Identifier: Linux-man-pages-copyleft
.\"
.TH PR_SET_MDWE 2const 2025-05-17 "Linux man-pages (unreleased)"
.SH NAME
PR_SET_MDWE
\-
set the Memory-Deny-Write-Execute protection mask for the calling process
.SH LIBRARY
Standard C library
.RI ( libc ,\~ \-lc )
.SH SYNOPSIS
.nf
.BR "#include <linux/prctl.h>" " /* Definition of " PR_* " constants */"
.B #include <sys/prctl.h>
.P
.BI "int prctl(PR_SET_MDWE, unsigned long " mask ", 0L, 0L, 0L);"
.fi
.SH DESCRIPTION
Set the calling process' Memory-Deny-Write-Execute protection mask.
Once protection bits are set,
they can not be changed.
.P
.I mask
must be a bit mask of:
.TP
.B PR_MDWE_REFUSE_EXEC_GAIN
New memory mapping protections can't be writable and executable.
Non-executable mappings can't become executable.
.TP
.B PR_MDWE_NO_INHERIT " (since Linux 6.6)"
.\" commit 2a87e5520554034e8c423479740f95bea4a086a0
Do not propagate MDWE protection to child processes on
.BR fork (2).
Setting this bit requires setting
.B PR_MDWE_REFUSE_EXEC_GAIN
too.
.SH RETURN VALUE
On success,
0 is returned.
On error, \-1 is returned, and
.I errno
is set to indicate the error.
.SH ERRORS
.TP
.B EINVAL
.I mask
is not a valid value.
.SH STANDARDS
Linux.
.SH HISTORY
Linux 6.3.
.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61
.SH SEE ALSO
.BR prctl (2),
.BR PR_GET_MDWE (2const)
|
