[apparmor] rlimit # of cores
Jeroen Ooms
jeroen.ooms at stat.ucla.edu
Thu Feb 2 22:46:16 UTC 2012
On Thu, Feb 2, 2012 at 2:07 PM, Seth Arnold <seth.arnold at gmail.com> wrote:
> For your example of nproc 1 for a site, your server would get a single process to handle all incoming and outgoing traffic on all sites hosted on that server -- the root-owned master process doesn't handle any traffic.
Hmmm that is all a bit concerning. So in my application users are
pretty much allowed to push custom code for our scientific program.
The program needs some basic forking/shell functionality. Is there any
way I can prevent a single user from fork-bombing or running too many
parallel shell scripts, etc?
More information about the AppArmor
mailing list