This manual page is part of the POSIX Programmer's Manual. The Linux
implementation of this interface may differ (consult the
corresponding Linux manual page for details of Linux behavior), or
the interface may not be implemented on Linux.
The mprotect() function shall change the access protections to be
that specified by prot for those whole pages containing any part of
the address space of the process starting at address addr and
continuing for len bytes. The parameter prot determines whether read,
write, execute, or some combination of accesses are permitted to the
data being mapped. The prot argument should be either PROT_NONE or
the bitwise-inclusive OR of one or more of PROT_READ, PROT_WRITE, and
If an implementation cannot support the combination of access types
specified by prot, the call to mprotect() shall fail.
An implementation may permit accesses other than those specified by
prot; however, no implementation shall permit a write to succeed
where PROT_WRITE has not been set or shall permit any access where
PROT_NONE alone has been set. Implementations shall support at least
the following values of prot: PROT_NONE, PROT_READ, PROT_WRITE, and
the bitwise-inclusive OR of PROT_READ and PROT_WRITE. If PROT_WRITE
is specified, the application shall ensure that it has opened the
mapped objects in the specified address range with write permission,
unless MAP_PRIVATE was specified in the original mapping, regardless
of whether the file descriptors used to map the objects have since
The implementation may require that addr be a multiple of the page
size as returned by sysconf().
The behavior of this function is unspecified if the mapping was not
established by a call to mmap().
When mprotect() fails for reasons other than [EINVAL], the
protections on some of the pages in the range [addr,addr+len) may
have been changed.
The mprotect() function shall fail if:
EACCES The prot argument specifies a protection that violates the
access permission the process has to the underlying memory
EAGAIN The prot argument specifies PROT_WRITE over a MAP_PRIVATE
mapping and there are insufficient memory resources to reserve
for locking the private page.
ENOMEM Addresses in the range [addr,addr+len) are invalid for the
address space of a process, or specify one or more pages which
are not mapped.
ENOMEM The prot argument specifies PROT_WRITE on a MAP_PRIVATE
mapping, and it would require more space than the system is
able to supply for locking the private pages, if required.
The implementation does not support the combination of
accesses requested in the prot argument.
The mprotect() function may fail if:
EINVAL The addr argument is not a multiple of the page size as
returned by sysconf().
The following sections are informative.
Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1, 2013 Edition, Standard for Information
Technology -- Portable Operating System Interface (POSIX), The Open
Group Base Specifications Issue 7, Copyright (C) 2013 by the
Institute of Electrical and Electronics Engineers, Inc and The Open
Group. (This is POSIX.1-2008 with the 2013 Technical Corrigendum 1
applied.) In the event of any discrepancy between this version and
the original IEEE and The Open Group Standard, the original IEEE and
The Open Group Standard is the referee document. The original
Standard can be obtained online at http://www.unix.org/online.html .
Any typographical or formatting errors that appear in this page are
most likely to have been introduced during the conversion of the
source files to man page format. To report such errors, see
IEEE/The Open Group 2013 MPROTECT(3P)