[apparmor] rlimit # of cores

Jeroen Ooms jeroen.ooms at stat.ucla.edu
Thu Feb 2 21:59:25 UTC 2012


> Not at this time, the apparmor rlimit controls are just a way of setting
> the systems ulimits (man ulimit).
>
> We have looked at, and have played with adding extended resource controls
> leveraging cgroups, but this is not available yet.


Hmm that is a bummer. I suppose maybe I should restrict the number of
processes instead.
I got a little confused about the meaning of nproc though. If I were

^mysite{
  set rlimit nrpoc <= 1,
}

Does this mean 1 process per incoming request, or only 1 process for
the entire site?



More information about the AppArmor mailing list