Fork bomb stalls other Docker containers

Hello everyone, I’m not sure if this is the right place to post this, if not please redirect me!

Problem

I am currently running a Kubernetes cluster with JupyterHub, a service which allows multiple users to create notebooks. Each user who logs in gets a pod assigned to them with a Docker container, which is running Ubuntu along with other packages. (Here’s an example of a Dockerfile that we use.)

We tried running a fork bomb inside a Jupyter notebook (i.e. inside the Docker container). The container and other user containers on the same node stalled.

I would usually delete the Kubernetes pods to fix a problem like this. That course of action didn’t work and even the commands to delete/stop the Docker containers would stall.

Expected Solution

I expect that only the user container, not multiple user containers, to stall. Even then, I want to include restrictions to prevent that user container from stalling during a fork bomb.

If you’re interested, I have more information in this Github issue! Thank you!

I figured that I could set a limit on user processes in /etc/security/limits.conf permanently, but this doesn’t seem to apply if I can’t restart the OS. Is there a way to set user processes limits from a Dockerfile?