From 080ce3884168d350eae2a7ae284b77e4a22107f6 Mon Sep 17 00:00:00 2001
From: Wonderfall <wonderfall@protonmail.com>
Date: Sat, 2 Apr 2022 05:47:33 +0200
Subject: [PATCH] more conservative pid_limit example

---
 content/posts/docker-hardening.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/posts/docker-hardening.md b/content/posts/docker-hardening.md
index e11344a..f292102 100644
--- a/content/posts/docker-hardening.md
+++ b/content/posts/docker-hardening.md
@@ -148,7 +148,7 @@ Use cgroups to restrict access to hardware and system resources. You likely don'
 ```
     mem_limit: 4g
     cpus: 4
-    pids_limit: 100
+    pids_limit: 256
 ```
 
 More runtime options can be found in [the official documentation](https://docs.docker.com/config/containers/resource_constraints/). All of them should have a [Compose spec](https://github.com/compose-spec/compose-spec/blob/master/spec.md) equivalent.