On 02/01/2012 04:39 PM, Jeroen Ooms wrote:
> Is there a way to rlimit the number of cores and proc time that can be
> used *per incoming http request* in libapache2-mod-apparmor? E.g. I
> have a profile in /etc/apparmor.d/apache2.d/mysite, and I would like
> jobs that are posted to mysite to be able to fork or start
> subprocesses, but not to use more than n cores so that a single job
> cannot consume all system resources. E.g:
> 
> ^mysite {
>     set rlimit data <= 1G,
>     set rlimit fsize <= 1G,
>     set rlimit memlock <= 1G,
> 
>     #include <abstractions/apache2-common>
>     #include <abstractions/base>
>     #include <abstractions/bash>
>     #include <abstractions/fonts>
>     #include <abstractions/mysql>
>     #include <abstractions/nameservice>
>     #include <abstractions/openssl>
>     #include <abstractions/ssl_certs>
>     #include <abstractions/ssl_keys>
> }
> 
> I looked into the docs for rlimit cpu and rlimit nproc, but I am not
> sure that is what I am looking for.
> 
Not at this time. The AppArmor rlimit controls are just a way of setting
the system's ulimits (man ulimit).

We have looked at, and have played with adding extended resource controls
leveraging cgroups, but this is not available yet.

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
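
What "just the system's ulimits" means for the question above, as an added example that is not part of the thread: RLIMIT_CPU is a per-process limit inherited across fork, so every forked worker gets its own CPU budget and the job's total is not capped. The function names, the 1-second limit and the 3 workers are constructed for illustration, and the setrlimit call only stands in for a profile's rlimit rule (Linux assumed).

```python
import os
import resource
import signal


def burn_cpu_forever():
    """Busy loop that only ends when the kernel sends SIGXCPU."""
    n = 0
    while True:
        n += 1


def run_job(workers, cpu_seconds):
    """Set RLIMIT_CPU once in a 'job' process, fork busy workers from it,
    and return (workers_killed_by_SIGXCPU, total_cpu_seconds_used)."""
    before = resource.getrusage(resource.RUSAGE_CHILDREN)
    job = os.fork()
    if job == 0:
        killed = 255  # exit status reported if the setup below fails
        try:
            # Stand-in for a profile's rlimit rule: set once on the job.
            _, hard = resource.getrlimit(resource.RLIMIT_CPU)
            resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, hard))
            pids = []
            for _ in range(workers):
                pid = os.fork()
                if pid == 0:
                    burn_cpu_forever()  # inherits the limit, own counter
                pids.append(pid)
            statuses = [os.waitpid(pid, 0)[1] for pid in pids]
            killed = sum(
                1 for s in statuses
                if os.WIFSIGNALED(s) and os.WTERMSIG(s) == signal.SIGXCPU
            )
        finally:
            os._exit(killed)
    _, status = os.waitpid(job, 0)
    after = resource.getrusage(resource.RUSAGE_CHILDREN)
    # RUSAGE_CHILDREN covers the job and every worker it waited for.
    used = (after.ru_utime + after.ru_stime) - (before.ru_utime + before.ru_stime)
    return os.WEXITSTATUS(status), used


if __name__ == "__main__":
    killed, used = run_job(workers=3, cpu_seconds=1)
    print(f"workers stopped by SIGXCPU: {killed}")
    print(f"CPU seconds used by the whole job: {used:.1f} (limit was 1)")
```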
