truxnell / nix-config

My nix & nixos home setup
https://truxnell.github.io/nix-config/
MIT License

harden containers #77

Open truxnell opened 1 month ago

truxnell commented 1 month ago

Check if `--read-only` helps

Ref: https://docs.oracle.com/en/operating-systems/oracle-linux/podman/podman-SecurityRecommendations.html#docker-security-components

systemd analyzer? https://www.opensourcerers.org/2022/04/25/optimizing-a-systemd-service-for-security/

truxnell commented 1 month ago

Consider running containers with limited memory and CPU usage

Consider limiting container memory and CPU usage using the `-m` and `--memory-swap` options for memory and swap memory, and the `-c` option for CPU.

Limit container restarts

To prevent potential denial-of-service resulting from a container that spins out of control, limit container restarts using the `--restart=on-failure:N` option when creating or running a container.
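The flags from the two comments above (read-only root filesystem, memory/swap and CPU limits, bounded restarts), assembled into one NixOS container declaration as an added example. This is not code from the truxnell/nix-config repository; the container name `example-app`, the image, the port, the uid and every limit value are assumptions chosen for illustration.

```nix
# Added example, not part of truxnell/nix-config. One podman container declared
# through the NixOS oci-containers module with the hardening flags discussed in
# the issue. All names and numbers below are assumed sample values.
{ config, lib, ... }:

{
  virtualisation.oci-containers = {
    backend = "podman";

    containers.example-app = {
      image = "docker.io/example/app:1.0";   # placeholder image
      ports = [ "127.0.0.1:8080:8080" ];     # unprivileged port, loopback only
      user = "1000:1000";                    # do not run the workload as root

      extraOptions = [
        # Immutable root filesystem; writable scratch only where it is needed.
        "--read-only"
        "--tmpfs=/tmp"

        # Resource ceilings (-m / --memory-swap / -c from the comment above).
        "--memory=256m"
        "--memory-swap=256m"     # equal to --memory, so the container gets no swap
        "--cpu-shares=512"       # -c: relative CPU weight, half the default 1024
        "--pids-limit=200"       # caps fork bombs inside the container

        # No capabilities and no privilege escalation via setuid binaries.
        "--cap-drop=ALL"
        "--security-opt=no-new-privileges"
      ];
    };
  };

  # The module runs the container as the systemd unit podman-example-app.service
  # and supervises restarts itself, so the restart limit is expressed on the
  # unit instead of with a podman --restart flag: give up after 5 failures
  # within 10 minutes rather than restarting forever.
  systemd.services.podman-example-app = {
    unitConfig = {
      StartLimitIntervalSec = 600;
      StartLimitBurst = 5;
    };
    serviceConfig.Restart = lib.mkForce "on-failure";
  };
}
```

After a rebuild, `systemd-analyze security podman-example-app.service` (the tool mentioned in the first comment) scores the generated unit and lists which sandboxing directives are still missing; `--read-only` tends to surface applications that write outside `/tmp` at startup, which is exactly the point at which to decide whether that path deserves a bind mount or another tmpfs rather than dropping the flag.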