Resource Limits

Secure Exec bounds each VM with per-VM resource caps so untrusted guest code can never exhaust the host. At a glance:

  • Per-VM caps: Each VM gets its own ceilings on concurrent processes, open file descriptors, sockets, total filesystem bytes, and WASM stack depth.
  • Kernel-enforced: The kernel mediates and accounts for every allocation. There is no path for the guest to reach host resources around these limits.
  • Guest-local failure: A guest that exceeds a cap fails inside its own VM with a normal POSIX errno, exactly as it would on real Linux.
  • Host is unaffected: Hitting a limit terminates or fails the guest operation only; the sidecar and host process stay intact and the VM keeps running.
  • Operator-raisable: The caller configures the limits per VM and can raise or lower them to fit the workload.

The canonical limit names, defaults, and configuration API are owned by agentOS.
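
What "guest-local failure" with a POSIX errno looks like from inside a process, as an added example (not Secure Exec or agentOS code). It runs on ordinary Linux and uses the soft `RLIMIT_NOFILE` as a stand-in for a per-VM file descriptor cap; that a Secure Exec guest sees `EMFILE` for this particular cap is an assumption drawn from the "as it would on real Linux" statement above, and `probe_fd_cap` is a hypothetical name.

```c
/* Added illustration: hit a descriptor cap, observe errno, keep running. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

#define MAX_PROBE 64

struct cap_result {
    int opened;     /* descriptors obtained before the cap was hit */
    int err;        /* errno from the failing call, 0 if nothing failed */
    int recovered;  /* 1 if open() works again after releasing descriptors */
};

/* Lower the soft RLIMIT_NOFILE to `cap` (assumed stand-in for a per-VM cap),
 * open /dev/null until the kernel refuses, then release and retry. */
struct cap_result probe_fd_cap(rlim_t cap)
{
    struct cap_result r = {0, 0, 0};
    struct rlimit old, lim;
    int fds[MAX_PROBE];

    if (getrlimit(RLIMIT_NOFILE, &old) != 0) { r.err = errno; return r; }
    lim = old;
    lim.rlim_cur = cap < old.rlim_max ? cap : old.rlim_max;
    if (setrlimit(RLIMIT_NOFILE, &lim) != 0) { r.err = errno; return r; }

    while (r.opened < MAX_PROBE) {
        int fd = open("/dev/null", O_RDONLY);
        if (fd < 0) { r.err = errno; break; }   /* expected: EMFILE */
        fds[r.opened++] = fd;
    }
    /* Only the one call failed; the process is intact and can back off. */
    for (int i = 0; i < r.opened; i++) close(fds[i]);
    int fd = open("/dev/null", O_RDONLY);
    if (fd >= 0) { r.recovered = 1; close(fd); }
    setrlimit(RLIMIT_NOFILE, &old);   /* restore the original soft limit */
    return r;
}

int main(void)
{
    struct cap_result r = probe_fd_cap(32);
    printf("opened=%d errno=%d (%s) recovered=%d\n",
           r.opened, r.err, strerror(r.err), r.recovered);
    return r.err == EMFILE && r.recovered ? 0 : 1;
}
```

Guest code written this way treats the cap as an ordinary, recoverable error: it checks `errno`, releases what it holds, and retries or degrades instead of assuming the allocation always succeeds.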