Ability inheritance

By default, procmgr abilities are set to be noninheritable when a process is forked.

You can modify this setting by specifying the PROCMGR_AOP_INHERIT_YES flag for an ability that might be needed by any children, or PROCMGR_AOP_INHERIT_NO for abilities that were previously inheritable and no longer need to be. When children inherit abilities from their parent, make sure that they change the inheritability of any abilities that any of their children shouldn't receive. For example:

#include <stdio.h>
#include <sys/procmgr.h>

// Apply to the calling process (pid 0); the list ends with PROCMGR_AID_EOL.
if (procmgr_ability(0,
                    PROCMGR_ADN_NONROOT // Non-root domain
                      | PROCMGR_AOP_ALLOW // Allow the ability
                      | PROCMGR_AOP_INHERIT_NO // Prevent inheritance
                      | PROCMGR_AID_SPAWN_SETUID, // Specified ability
                    PROCMGR_AID_EOL // End of ability list.
                    ) == -1) {
    perror("procmgr_ability"); // Returns -1 and sets errno on failure
}

We recommend against making allowed abilities inheritable unless absolutely necessary. Not marking an allowed ability as inheritable allows the system to set it back to a safe default when executing a new process. However, any abilities that have been explicitly locked, denied, or both that shouldn't be accessible to forked or spawned processes should be marked inheritable, to make sure that the locks and deny states persist.
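An added example (not the QNX documentation's own code) that puts this advice into practice: a parent builds one allowed-but-noninheritable ability word and one denied, locked and inheritable word, then applies both with a single procmgr_ability() call. It assumes PROCMGR_AOP_DENY, PROCMGR_AOP_LOCK and PROCMGR_ADN_ROOT are the corresponding QNX flags not shown on this page, and on a non-QNX host it substitutes placeholder flag values and a recording stub so that the flag composition can still be compiled and checked.

```c
/* Added example, not QNX's own code.  Assumption: on a non-QNX host
 * <sys/procmgr.h> is absent, so PLACEHOLDER flag values (not the real ones)
 * and a recording stub of procmgr_ability() are defined for that case. */
#include <stdarg.h>
#include <sys/types.h>
#ifdef __QNXNTO__
#include <sys/procmgr.h>
#else
#define PROCMGR_AOP_ALLOW        0x00100000u /* placeholder */
#define PROCMGR_AOP_DENY         0x00200000u /* placeholder */
#define PROCMGR_AOP_LOCK         0x00400000u /* placeholder */
#define PROCMGR_AOP_INHERIT_YES  0x00800000u /* placeholder */
#define PROCMGR_AOP_INHERIT_NO   0x01000000u /* placeholder */
#define PROCMGR_ADN_ROOT         0x02000000u /* placeholder */
#define PROCMGR_ADN_NONROOT      0x04000000u /* placeholder */
#define PROCMGR_AID_SPAWN_SETUID 0x0001u     /* placeholder */
#define PROCMGR_AID_EOL          0xffffu     /* placeholder */
static unsigned recorded[8];    /* ability words the stub was asked to apply */
static int recorded_count;
static int procmgr_ability(pid_t pid, unsigned ability, ...) {
    va_list ap;
    (void)pid;
    recorded_count = 0;
    va_start(ap, ability);
    for (unsigned a = ability; a != PROCMGR_AID_EOL && recorded_count < 8;
         a = va_arg(ap, unsigned))
        recorded[recorded_count++] = a;
    va_end(ap);
    return 0;
}
#endif

/* Needed by this process only: allow it but leave it noninheritable, so the
 * system resets it to the safe default in any child. */
unsigned allow_for_self(unsigned aid) {
    return PROCMGR_ADN_NONROOT | PROCMGR_AOP_ALLOW | PROCMGR_AOP_INHERIT_NO | aid;
}

/* Must stay off in every descendant: deny and lock it in both domains, and
 * make it inheritable so the lock persists across fork() and spawn(). */
unsigned forbid_for_tree(unsigned aid) {
    return PROCMGR_ADN_ROOT | PROCMGR_ADN_NONROOT | PROCMGR_AOP_DENY
         | PROCMGR_AOP_LOCK | PROCMGR_AOP_INHERIT_YES | aid;
}

/* Apply both to the calling process (pid 0); returns 0 on success, -1 on error. */
int apply_child_policy(unsigned keep_aid, unsigned forbid_aid) {
    return procmgr_ability(0, allow_for_self(keep_aid),
                           forbid_for_tree(forbid_aid), PROCMGR_AID_EOL);
}
```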

One very important difference exists between the way the fork() and spawn() functions handle ability inheritance: