For a docker container you can set CPU limits (e.g. --cpu-quota, --cpu-shares) and memory limits (--memory) on docker run. It is also possible to set the global nproc limit for users via --ulimit.
Let's say two different users are running workloads in one container. Is there a way to set limits for individual users inside of one specific docker container only (not system global)?
For example, with --ulimit nproc=100 it is not possible to specify that a user is allowed to run exactly a maximum of n processes inside of a docker container. For example, if a user already runs 40 processes outside of the container, he is allowed to run 60 processes inside of the container. If you set ulimit nproc=40 and 40 processes are running outside of the container, he wouldn't be allowed to start a new process inside of the container.
So I am looking for a way to enforce CPU, memory and process number restrictions on a per-user basis for an individual docker container (even if other docker containers without those restrictions are running on the same system). Starting a docker container for each user is not an option.