[apparmor] problems with setrlimit in Saucy
John Johansen
john.johansen at canonical.com
Tue Oct 22 09:07:57 UTC 2013
On 10/17/2013 06:06 PM, Seth Arnold wrote:
> On Thu, Oct 17, 2013 at 08:54:18PM -0400, Jeroen Ooms wrote:
>> This is not directly related to AppArmor, but since apparmor allows
>> setting rlimits in profiles I was wondering if anyone has noticed
>> problems with setrlimit in recent kernels?
>>
>> I upgraded to Ubuntu Saucy (13.10) today and have started noticing
>> problems both with RLIMIT_NPROC and RLIMIT_AS. See also
>> http://askubuntu.com/questions/360621/major-problems-with-setrlimit-after-upgrading-to-saucy.
>>
>> Have there been any recent changes in setrlimit?
>
there where some changes that could be causing this
> My hypothesis for the RLIMIT_NPROC change might be down to the Apache MPM
> in use; if you were using prefork before and worker afterwards, the extra
that is possible but I wouldn't rule out changes in process, or apparmors
application of rlimits.
> pile of threads created by Apache httpd may not show up via simple ps(1)
> listings, but they still count as "processes" because Linux processes and
> threads are highly comingled things.
>
true
> Check the difference between ps -ef and ps -eLf and see if that explains
> NPROC changes...
>
IT would be nice to see this but if you are doing this I would recommend
ps -Zef and ps-ZeLf
so we can see what the security context is
> Thanks
>
>
>
More information about the AppArmor
mailing list