1- # Process Limits
1+ ---
2+ title :
3+ page : " Process Limits — Fork Bomb Protection"
4+ nav : " Process Limits"
5+ description : " Fork bomb protection via cgroup pids.max and ulimit enforcement."
6+ keywords : ["security", "fork bomb", "process limits", "pids-limit", "ulimit"]
7+ topics : ["security"]
8+ tags : ["hardening", "sandbox", "process-limits"]
9+ content :
10+ type : reference
11+ difficulty : technical_beginner
12+ audience : ["operator", "contributor"]
13+ status : published
14+ ---
15+
16+ <!--
17+ SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
18+ SPDX-License-Identifier: Apache-2.0
19+ -->
220
3- ## Fork Bomb Protection
21+ # Process Limits
422
5- Without process limits, a prompt-injected agent can exhaust host resources
6- by spawning processes recursively.
23+ Without process limits, a prompt-injected agent can exhaust host resources by spawning processes recursively.
724
8- ### Defence Layers
25+ ## Defence Layers
926
10- ``` mermaid
27+ ``` { mermaid}
1128graph TD
1229 subgraph "Process Limit Enforcement"
1330 A[Agent spawns processes] --> B{ulimit -u set?}
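Review bot: The fence info string on the Defence Layers diagram changes from `mermaid` to `{mermaid}`, and that brace form is directive syntax for a MyST/Sphinx build, not something GitHub's Markdown viewer treats as a diagram. Anyone reading this file in the repository will see the graph source as a plain code block. If the page is only meant to be read through the docs build, note that in the commit message; otherwise keep the plain `mermaid` tag so the enforcement flow stays readable in both places.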
@@ -28,37 +45,33 @@ graph TD
2845 J --> K[System stays responsive]
2946```
3047
31- ### Configuration
48+ ## Configuration
3249
33- The default process limit is 512 per sandbox. This is sufficient for normal
34- agent operation (typically < 50 processes) whilst preventing fork bombs.
50+ NemoClaw enforces a default process limit of 512 per sandbox.
51+ This is sufficient for normal agent operation (typically < 50 processes) whilst preventing fork bombs.
3552
3653| Setting | Where | Default |
3754| ---------| -------| ---------|
3855| ` ulimit -u ` | nemoclaw-start.sh | 512 (if unlimited) |
3956| ` --pids-limit ` | Container runtime | 512 (via ` docker update ` ) |
4057| cgroup ` pids.max ` | Kernel | Set by container runtime |
4158
42- ### How It Works
59+ ## How It Works
4360
44- 1 . ** Container level (primary):** During onboarding, ` nemoclaw onboard ` calls
45- ` docker update --pids-limit 512 ` after sandbox creation. This sets the
46- cgroup ` pids.max ` value, which the kernel enforces regardless of what
47- happens inside the container.
61+ 1 . ** Container level (primary):** During onboarding, ` nemoclaw onboard ` calls ` docker update --pids-limit 512 ` after sandbox creation.
62+ This sets the cgroup ` pids.max ` value, which the kernel enforces regardless of what happens inside the container.
4863
49- 2 . ** In-sandbox fallback:** ` nemoclaw-start.sh ` checks ` ulimit -u ` at
50- startup. If the value is ` unlimited ` (meaning the container runtime
51- didn't set a limit), it sets ` ulimit -u 512 ` as a safety net.
64+ 2 . ** In-sandbox fallback:** ` nemoclaw-start.sh ` checks ` ulimit -u ` at startup.
65+ If the value is ` unlimited ` (meaning the container runtime did not set a limit), it sets ` ulimit -u 512 ` as a safety net.
5266
53- 3 . ** Policy documentation:** The sandbox policy YAML documents that
54- OpenShell does not currently expose a ` pids_limit ` field, so the
55- limit must be enforced at the container runtime level.
67+ 3 . ** Policy documentation:** The sandbox policy YAML documents that OpenShell does not currently expose a ` pids_limit ` field.
68+ The limit must therefore be enforced at the container runtime level.
5669
57- ### Overriding the Default
70+ ## Overriding the Default
5871
59- Set ` NEMOCLAW_PIDS_LIMIT ` before running ` nemoclaw onboard ` to change
60- the default:
72+ Set ` NEMOCLAW_PIDS_LIMIT ` before running ` nemoclaw onboard ` to change the default.
73+ The value must be a positive integer; non-numeric values are silently replaced with the default (512).
6174
62- ``` bash
63- NEMOCLAW_PIDS_LIMIT=1024 nemoclaw onboard
75+ ``` console
76+ $ NEMOCLAW_PIDS_LIMIT=1024 nemoclaw onboard
6477```
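Review bot: The new sentence under "Overriding the Default" says the value "must be a positive integer" but only describes what happens to non-numeric input, so the behaviour for `0`, a negative number or an empty string is undocumented. Because the replacement is silent, an operator who mistypes `NEMOCLAW_PIDS_LIMIT` gets 512 with no indication that the override was ignored. Please state how each invalid case is handled and add a line telling operators to confirm the effective limit after onboarding (for example by reading the sandbox's cgroup `pids.max`). Related, in the Configuration table: the `ulimit -u` row reads "512 (if unlimited)", so a finite but very high inherited limit is left unchanged by the fallback. It is worth saying so explicitly, since item 2 presents this step as the safety net for when the container runtime did not set a limit.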