Apache directive RLimitNPROC allows for process limiting. According to the documentation (http://httpd.apache.org/docs/current/mod/core.html#rlimitnproc), it's supposed to limit the number of processes forked by Apache children: "This applies to processes forked off from Apache children servicing requests, not the Apache children themselves".

On FreeBSD, Apache children are taken into account by the kernel when enforcing RLimitNPROC. So, for example, it's impossible to run a single CGI that forks the uname command if RLimitNPROC is set to 10 and if you have 9 or more httpd processes.

It yields error logs in messages:

kernel: maxproc limit exceeded by uid 80, please see tuning(7) and login.conf(5).

And it renders the whole concept of RLimitNPROC useless (for Apache).

How-To-Repeat:
- install Apache 2.2 on FreeBSD 8.2
- set up Apache with the following values:
  StartServers 5
  RLimitNPROC 5
- create a simple CGI script that queries a system command (uname, ls...)
- make a GET request to that CGI
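
Added example, not part of the original report: a shell check for the per-uid accounting described above, estimating how many forks a CGI has left once the httpd children owned by the same uid are counted against RLimitNPROC. The function names, the `www` user name for uid 80 and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the report): estimate how many processes a CGI may
# still fork when RLIMIT_NPROC is counted per uid, httpd children included.

# Soft limit from the last RLimitNPROC directive read on stdin.
nproc_soft_limit() {
    awk 'tolower($1) == "rlimitnproc" { v = $2 } END { if (v != "") print v }'
}

# Number of processes owned by user $1 in "USER COMMAND" lines read on stdin.
procs_for_user() {
    awk -v u="$1" '$1 == u { n++ } END { print n + 0 }'
}

# fork_headroom USER CONF PS: forks left for a CGI running as USER.
# Assumption (consistent with the report's figures): the CGI itself counts as
# one process, and fork fails once the uid's total would exceed the limit.
fork_headroom() {
    limit=$(printf '%s\n' "$2" | nproc_soft_limit)
    case "$limit" in
        ''|max) echo none; return 0 ;;  # no numeric limit imposed by Apache
    esac
    used=$(printf '%s\n' "$3" | procs_for_user "$1")
    echo $((limit - used - 1))
}

# Constructed sample data mirroring the How-To-Repeat setup:
# StartServers 5, RLimitNPROC 5, parent as root, five children as www.
SAMPLE_CONF='StartServers 5
RLimitNPROC 5'
SAMPLE_PS='root httpd
www httpd
www httpd
www httpd
www httpd
www httpd'

# Zero or negative headroom means the CGI cannot fork even one command.
fork_headroom www "$SAMPLE_CONF" "$SAMPLE_PS"
```

On a live host the third argument can come from `ps -axo user,comm` and the second from the server's configuration file; the `ps` header line is ignored because it matches no user.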

Responsible Changed
From-To: freebsd-bugs->apache

AFAICT this is a bug with the port, not the kernel.

State Changed
From-To: open->feedback

Still a problem?