Nproc is a funny beast.

What nproc actually means is the number of processes that user is allowed to 
start. There are no per-profile or per-program meanings available. Granted, your 
web server is almost certainly the only program actually run by that user 
account, but there is no way to limit per-virtual host or per directory or per 
location number of processes.

For your example of nproc 1 for a site, your server would get a single process 
to handle all incoming and outgoing traffic on all sites hosted on that server 
-- the root-owned master process doesn't handle any traffic.

Sorry.
-----Original Message-----
From: Jeroen Ooms <jeroen.o...@stat.ucla.edu>
Sender: apparmor-boun...@lists.ubuntu.com
Date: Thu, 2 Feb 2012 13:59:25 
To: John Johansen<john.johan...@canonical.com>
Cc: <apparmor@lists.ubuntu.com>
Subject: Re: [apparmor] rlimit # of cores

> Not at this time, the apparmor rlimit controls are just a way of setting
> the systems ulimits (man ulimit).
>
> We have looked at, and have played with adding extended resource controls
> leveraging cgroups, but this is not available yet.


Hmm that is a bummer. I suppose maybe I should restrict the number of
processes instead.
I got a little confused about the meaning of nproc though. If I were

^mysite{
  set rlimit nproc <= 1,
}

Does this mean 1 process per incoming request, or only 1 process for
the entire site?

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
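
An added illustration of the per-user accounting described in the reply above; it is not code from the thread or from AppArmor. It tallies tasks per real UID from `/proc/<pid>/status` text and compares the tally with a "Max processes" value in the `/proc/<pid>/limits` format. The sample data, UID 33 for the web server account and all function names are assumptions made for the example.

```python
import glob
from collections import Counter

def parse_status(text):
    """Return (real_uid, threads) from the text of /proc/<pid>/status."""
    uid, threads = None, 1
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            uid = int(value.split()[0])   # first field is the real UID
        elif key == "Threads":
            threads = int(value)
    return uid, threads

def parse_nproc_limit(text):
    """Soft 'Max processes' value from /proc/<pid>/limits text; None if unlimited."""
    for line in text.splitlines():
        if line.startswith("Max processes"):
            soft = line.split()[2]
            return None if soft == "unlimited" else int(soft)
    return None

def usage_by_uid(status_texts):
    """RLIMIT_NPROC is charged per real UID and counts threads, not per profile."""
    counts = Counter()
    for text in status_texts:
        uid, threads = parse_status(text)
        if uid is not None:
            counts[uid] += threads
    return counts

def fork_would_fail(counts, uid, limit):
    """Simplification: uid 0 stands in for CAP_SYS_ADMIN/CAP_SYS_RESOURCE holders."""
    return uid != 0 and limit is not None and counts[uid] >= limit

# Constructed sample: a root-owned master plus three workers under UID 33.
SAMPLE = ["Name:\tapache2\nUid:\t0\t0\t0\t0\nThreads:\t1\n"] + \
         ["Name:\tapache2\nUid:\t33\t33\t33\t33\nThreads:\t1\n"] * 3
SAMPLE_LIMITS = "Limit  Soft Limit  Hard Limit  Units\nMax processes  1  1  processes\n"

if __name__ == "__main__":
    live = []
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                live.append(fh.read())
        except OSError:
            continue                      # process exited while we were scanning
    for uid, n in sorted(usage_by_uid(live).items()):
        print(f"uid {uid}: {n} tasks")
```

With the sample, UID 33 already holds three tasks, so a worker carrying a limit of 1 could not start another process for any site, while the root-owned master is not subject to the check.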