Nproc is a funny beast. What nproc actually means is the number of processes that user is allowed to start. There are no per-profile or per-program meanings available. Granted, your web server is almost certainly the only program actually run by that user account, but there is no way to limit per-virtual host or per directory or per location number of processes.
For your example of nproc 1 for a site, your server would get a single process to handle all incoming and outgoing traffic on all sites hosted on that server -- the root-owned master process doesn't handle any traffic.

Sorry.

-----Original Message-----
From: Jeroen Ooms <jeroen.o...@stat.ucla.edu>
Sender: apparmor-boun...@lists.ubuntu.com
Date: Thu, 2 Feb 2012 13:59:25
To: John Johansen<john.johan...@canonical.com>
Cc: <apparmor@lists.ubuntu.com>
Subject: Re: [apparmor] rlimit # of cores

> Not at this time, the apparmor rlimit controls are just a way of setting
> the system's ulimits (man ulimit).
>
> We have looked at, and have played with adding extended resource controls
> leveraging cgroups, but this is not available yet.

Hmm that is a bummer. I suppose maybe I should restrict the number of processes instead. I got a little confused about the meaning of nproc though. If I were

  ^mysite{
    set rlimit nproc <= 1,
  }

Does this mean 1 process per incoming request, or only 1 process for the entire site?

--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
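
An added example, not part of the original thread: a Python sketch of the per-user accounting discussed above. It sums tasks per real UID from /proc-style status text (on Linux the count includes threads) and compares the total with an nproc limit, so a limit of 1 is measured against everything that user runs across all sites. The sample status bodies, UID 33 and all function names are constructed for illustration.

```python
import glob
import os
import resource

# Constructed /proc/<pid>/status bodies (not from a real host); UID 33 is an assumed web user.
SAMPLE_STATUS = [
    "Name:\tapache2\nUid:\t0\t0\t0\t0\nThreads:\t1\n",       # root-owned master
    "Name:\tapache2\nUid:\t33\t33\t33\t33\nThreads:\t27\n",  # worker serving site A
    "Name:\tapache2\nUid:\t33\t33\t33\t33\nThreads:\t27\n",  # worker serving site B
]

def parse_status(text):
    """Return (real_uid, thread_count) from one /proc/<pid>/status body."""
    uid, threads = None, 0
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            uid = int(value.split()[0])  # first Uid field is the real UID
        elif key == "Threads":
            threads = int(value)
    return uid, threads

def tasks_by_uid(status_texts):
    """Sum tasks per real UID: the figure an nproc limit is compared against."""
    totals = {}
    for text in status_texts:
        uid, threads = parse_status(text)
        if uid is not None:
            totals[uid] = totals.get(uid, 0) + threads
    return totals

def would_block_fork(totals, uid, nproc_limit):
    """True if one more task for uid would be refused (simplified: only UID 0 exempt)."""
    if uid == 0 or nproc_limit == resource.RLIM_INFINITY:
        return False
    return totals.get(uid, 0) >= nproc_limit

def live_status_texts():
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                yield fh.read()
        except OSError:
            continue  # process exited between glob and open

if __name__ == "__main__":
    soft, _hard = resource.getrlimit(resource.RLIMIT_NPROC)
    totals, me = tasks_by_uid(live_status_texts()), os.getuid()
    print(f"uid {me}: {totals.get(me, 0)} tasks, soft nproc {soft}, "
          f"next fork refused: {would_block_fork(totals, me, soft)}")
```

Run directly, it reports the current user's live task count against the soft limit of the shell it was started from; inside a user namespace or container the /proc view is only an approximation of what the kernel counts.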