Agent Container Resource Limits

Infrastructure · updated Fri Feb 27

Hardening the execution kernel by strictly limiting CPU and memory bandwidth for AI agents.

Steps

  1. Set `cpus` or `cpu_quota` to prevent an agent from monopolizing the host CPU.
  2. Define `memory` limits and `memory_reservation` to manage OOM (Out-of-Memory) risks.
  3. Disable or strictly limit `swap` usage to prevent performance degradation during loops.
  4. Configure `pids_limit` to prevent fork-bomb attacks from agent-generated code.
  5. Apply `oom_score_adj` to prioritize agent termination over critical system processes.

view raw JSON →