Use the Linux kernel's cgroups (control groups) technology to specify and constrain resource allocation and bandwidth. The cgroup controllers on a modern Linux system include the following: CPU (limits on CPU usage), CPU set (the modern way to perform CPU affinity constraining a group of processes to a set of CPUs), blkio (limits on I/O), devices (limits on which processes can use which devices), freezer (suspend/resume task execution), memory (limits on memory usage), net_cls (network packets tagging with classid), net_prio (limit network traffic per interface), namespaces (ns), perf_event (for performance analysis).
Limiting resources is critical not only from a requirements angle, but from a security ...