[apparmor] rlimit # of cores

Jeroen Ooms jeroen.ooms at stat.ucla.edu
Thu Feb 2 00:39:47 UTC 2012


Is there a way to rlimit the number of cores and proc time that can be
used *per incoming http request* in libapache2-mod-apparmor? E.g. I
have a profile in /etc/apparmor.d/apache2.d/mysite, and I would like
jobs that are posted to mysite to be able to fork or start
subprocesses, but not to use more than n cores so that a single job
cannot consume all system resources. E.g.:

^mysite {
    set rlimit data <= 1G,
    set rlimit fsize <= 1G,
    set rlimit memlock <= 1G,

    #include <abstractions/apache2-common>
    #include <abstractions/base>
    #include <abstractions/bash>
    #include <abstractions/fonts>
    #include <abstractions/mysql>
    #include <abstractions/nameservice>
    #include <abstractions/openssl>
    #include <abstractions/ssl_certs>
    #include <abstractions/ssl_keys>
}

I looked into the docs for rlimit cpu and rlimit nproc, but I am not
sure that is what I am looking for.

Thanks,

Jeroen


