[apparmor] rlimit # of cores

Seth Arnold seth.arnold at gmail.com
Thu Feb 2 22:07:21 UTC 2012


Nproc is a funny beast.

What nproc actually means is the number of processes that user is allowed to start. There are no per-profile or per-program meanings available. Granted, your web server is almost certainly the only program actually run by that user account, but there is no way to limit per-virtual host or per directory or per location number of processes.

For your example of nproc 1 for a site, your server would get a single process to handle all incoming and outgoing traffic on all sites hosted on that server -- the root-owned master process doesn't handle any traffic.

Sorry.
-----Original Message-----
From: Jeroen Ooms <jeroen.ooms at stat.ucla.edu>
Sender: apparmor-bounces at lists.ubuntu.com
Date: Thu, 2 Feb 2012 13:59:25 
To: John Johansen<john.johansen at canonical.com>
Cc: <apparmor at lists.ubuntu.com>
Subject: Re: [apparmor] rlimit # of cores

> Not at this time, the apparmor rlimit controls are just a way of setting
> the system's ulimits (man ulimit).
>
> We have looked at, and have played with adding extended resource controls
> leveraging cgroups, but this is not available yet.


Hmm that is a bummer. I suppose maybe I should restrict the number of
processes instead.
I got a little confused about the meaning of nproc though. If I were

^mysite{
  set rlimit nproc <= 1,
}

Does this mean 1 process per incoming request, or only 1 process for
the entire site?

-- 
AppArmor mailing list
AppArmor at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
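
Added example, not part of the thread: a small C probe of the per-user accounting described in the reply above. It lowers RLIMIT_NPROC (the limit that "set rlimit nproc" sets) to 1 in a throwaway child and then tries to fork; the function and enum names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical result codes for this added example. */
enum { NPROC_ENFORCED = 0, NPROC_BYPASSED = 1, NPROC_ERROR = 2 };

/* Lower the soft limit, then attempt one fork. The kernel compares the
 * limit with the number of processes the real UID already owns, not with
 * anything specific to this program or profile. */
static int try_fork_under_nproc(rlim_t soft)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return NPROC_ERROR;
    rl.rlim_cur = soft;              /* hard limit is left untouched */
    if (setrlimit(RLIMIT_NPROC, &rl) != 0)
        return NPROC_ERROR;
    pid_t pid = fork();
    if (pid == 0)
        _exit(0);                    /* grandchild: nothing to do */
    if (pid > 0) {
        waitpid(pid, NULL, 0);
        return NPROC_BYPASSED;       /* privileged callers are exempt */
    }
    return errno == EAGAIN ? NPROC_ENFORCED : NPROC_ERROR;
}

/* Run the probe in a child so the lowered limit never affects the caller. */
int nproc_probe(rlim_t soft)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return NPROC_ERROR;
    if (pid == 0)
        _exit(try_fork_under_nproc(soft));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return NPROC_ERROR;
    return WEXITSTATUS(status);
}

int main(void)
{
    int r = nproc_probe(1);
    printf("uid=%d nproc=1 -> %s\n", (int)getuid(),
           r == NPROC_ENFORCED ? "fork refused with EAGAIN" :
           r == NPROC_BYPASSED ? "fork allowed (caller exempt from limit)" : "probe error");
    return r == NPROC_ERROR;
}
```

For an unprivileged user the probe reports EAGAIN: the account already owns at least the probing process itself, so a limit of 1 leaves no room for any further fork.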


More information about the AppArmor mailing list