[apparmor] rlimit # of cores
Jeroen Ooms
jeroen.ooms at stat.ucla.edu
Sat Feb 4 01:51:29 UTC 2012
On Thu, Feb 2, 2012 at 2:07 PM, Seth Arnold <seth.arnold at gmail.com> wrote:
> For your example of nproc 1 for a site, your server would get a single process to handle all incoming and outgoing traffic on all sites hosted on that server -- the root-owned master process doesn't handle any traffic.
So just for fun I actually tried this, but it doesn't seem to do a
lot. If I set nproc inside
/usr/lib/apache2/mpm-prefork/apache2 {
set rlimit nproc <= 50,
...
}
it does what you described, but if I set it inside a hat profile
somewhere, it seems to be simply ignored...
To test I use this bash script:
while [ "true" ]
do
clear
pgrep -u www-data | wc
sleep 0.5
done
And then I posted some code that launches 100 forks in my web application.
More information about the AppArmor
mailing list