Nproc is a funny beast. What nproc actually means is the number of processes that user is allowed to start. There are no per-profile or per-program meanings available. Granted, your web server is almost certainly the only program actually run by that user account, but there is no way to limit the number of processes per virtual host, per directory, or per location.
For your example of nproc 1 for a site, your server would get a single process to handle all incoming and outgoing traffic on all sites hosted on that server -- the root-owned master process doesn't handle any traffic.

Sorry.

-----Original Message-----
From: Jeroen Ooms <[email protected]>
Sender: [email protected]
Date: Thu, 2 Feb 2012 13:59:25
To: John Johansen<[email protected]>
Cc: <[email protected]>
Subject: Re: [apparmor] rlimit # of cores

> Not at this time, the apparmor rlimit controls are just a way of setting
> the system's ulimits (man ulimit).
>
> We have looked at, and have played with adding extended resource controls
> leveraging cgroups, but this is not available yet.

Hmm that is a bummer. I suppose maybe I should restrict the number of processes instead. I got a little confused about the meaning of nproc though. If I were

    ^mysite{
      set rlimit nproc <= 1,
    }

Does this mean 1 process per incoming request, or only 1 process for the entire site?

--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
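
An added example, not part of the original thread or of AppArmor: a short Python script that tallies tasks per real UID from /proc/<pid>/status, which is the unit the nproc rlimit is charged against, and applies a simplified model of the fork check. The status excerpts, the UID 33 web server account and all function names are constructed for illustration.

```python
"""Added example: count tasks per real UID the way RLIMIT_NPROC charges them."""
import glob
from collections import Counter

# Constructed /proc/<pid>/status excerpts: a root-owned master and three
# workers running as UID 33 (assumed web server account), serving every site.
SAMPLE = [
    "Name:\tapache2\nUid:\t0\t0\t0\t0\nThreads:\t1\n",
    "Name:\tapache2\nUid:\t33\t33\t33\t33\nThreads:\t1\n",
    "Name:\tapache2\nUid:\t33\t33\t33\t33\nThreads:\t1\n",
    "Name:\tapache2\nUid:\t33\t33\t33\t33\nThreads:\t1\n",
]

def field(status_text, key):
    """Return the first value of a 'Key:' line in a status file, or None."""
    for line in status_text.splitlines():
        if line.startswith(key + ":"):
            return int(line.split()[1])
    return None

def tasks_per_uid(statuses):
    """Sum tasks per real UID; on Linux each thread counts toward nproc."""
    counts = Counter()
    for text in statuses:
        uid = field(text, "Uid")  # first Uid column is the real UID
        if uid is not None:
            counts[uid] += field(text, "Threads") or 1
    return counts

def fork_allowed(counts, uid, nproc_limit):
    """Simplified model: fork() fails with EAGAIN once the UID's task count
    has reached the limit (privileged callers are exempt; not modelled)."""
    return counts.get(uid, 0) < nproc_limit

def live_statuses():
    """Yield status text for every process currently visible in /proc."""
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                yield fh.read()
        except OSError:
            continue  # process exited between listing and reading

if __name__ == "__main__":
    counts = tasks_per_uid(SAMPLE)
    print("tasks per UID:", dict(counts))
    print("UID 33 may fork with nproc <= 1:", fork_allowed(counts, 33, 1))
    print("live counts:", dict(tasks_per_uid(live_statuses())))
```

Running it on a real host shows how much headroom an account has before choosing a value for `set rlimit nproc`, since every profile and site running under that account draws from the same count.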
