POSIX defines the mprotect() interface to allow programs to change the permissions of existing regions of memory:
int mprotect (const void *addr, size_t len, int prot);
A call to mprotect() will change the protection mode for the memory pages contained in [addr,addr+len), where addr is page-aligned. Theprotparameter accepts the same values as theprotgiven tommap():PROT_NONE,PROT_READ,PROT_WRITE, andPROT_EXEC. These values are not additive; if a region of memory is readable, andprot is set to onlyPROT_WRITE, the call will make the region only writable.
On some systems,mprotect()may operate only on memory mappings previously created viammap(). On Linux,mprotect()can operate on any region of memory.
On success, mprotect() returns 0. On failure, it returns -1, and setserrnoto one of the following:
The memory cannot be given the permissions requested byprot. This can happen, for example, if you attempt to set the mapping of a file opened read-only to writable.
The parameteraddr is invalid or not page-aligned.
Insufficient kernel memory is available to satisfy the request, or one or more pages in the given memory region are not a valid part of the processí address space.