[apparmor] rlimit # of cores

Jeroen Ooms jeroen.ooms at stat.ucla.edu
Thu Feb 2 21:59:25 UTC 2012

> Not at this time, the apparmor rlimit controls are just a way of setting
> the systems ulimits (man ulimit).
> We have looked at, and have played with adding extended resource controls
> leveraging cgroups, but this is not available yet.

Hmm that is a bummer. I suppose maybe I should restrict the number of
processes instead.
I got a little confused about the meaning of nproc though. If I were

  set rlimit nrpoc <= 1,

Does this mean 1 process per incoming request, or only 1 process for
the entire site?

More information about the AppArmor mailing list