[apparmor] apparmor and affinity mask
John Johansen
john.johansen at canonical.com
Thu Aug 1 17:11:29 UTC 2013
On 08/01/2013 01:38 AM, Jeroen Ooms wrote:
> I would like to restrict the number of cores/cpu's that a certain
> process can use. The affinity mask provides one method by restricting
> which of the processors are available to the process. However,
> unfortunately there is not rlimit_affinity in linux, so any process
> can reset its own affinity mask.
>
> I was wondering if AppArmor provides any way to do put permanent
> restrictions on the affinity mask?
>
Not yet, apparmor 2.x series is limited to controlling rlimits. The
in development apparmor 3 series will pick up additional controls.
There are plans for adding cgroups based resource controls, scheduling
etc. However not all of these extension will make it in the 3.0 release
this fall.
More information about the AppArmor
mailing list