Resource limiting
iocage can enable optional resource limits for a jail. The outlined procedure should provide enough for a decent starting point.
Limit jail to a single hardware thread or core (CPU affinity).
- pin jail to a single thread or core number 1 iocage set cpuset=1 UUID
- start jail iocage start UUID
- list applied limits iocage limits UUID, you should see CPU affinity: 1, jail is only allowed to run on core/thread number 1.
Limit RSS memory use (can be done on-the-fly)
- limit to 4G DRAM memory use iocage set memoryuse=4G:deny UUID
- turn on resource limiting for jail iocage set rlimits=on UUID
- apply limit on-the-fly iocage cap UUID
- check active limits iocage limits UUID, should list jail:ioc-UUID:memoryuse:deny=4096M
Limit CPU execution to 20%
- iocage set pcpu=20:deny UUID
- iocage cap UUID
- check limits iocage limits UUID