It would be good to have the option to limit CPU besides memory so a wild-running container cannot bog down the whole system:
set container name <name> cpus <cores>
to translate to the podman argument --cpus <cores>.
For this to work, the following kernel configs need to be enabled:
CONFIG_CGROUP_SCHED=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CPUSETS=y
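A way to check a kernel config for the three options listed above before relying on a CPU limit. This is an added example, not part of the original request or the project's code. The function names are hypothetical, and the sample config is constructed; on a real system the config is usually found at /proc/config.gz or /boot/config-$(uname -r).

```sh
#!/bin/sh
# Options the request names as prerequisites for the CPU limit.
REQUIRED_OPTS="CONFIG_CGROUP_SCHED CONFIG_CGROUP_CPUACCT CONFIG_CPUSETS"

# read_kconfig FILE: print a kernel config, decompressing *.gz files.
read_kconfig() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# missing_cpu_opts FILE: print each required option that is not set to "y".
# Returns 0 if all are enabled, 1 if any is missing, 2 if FILE is unreadable.
missing_cpu_opts() {
    [ -r "$1" ] || return 2
    cfg=$(read_kconfig "$1") || return 2
    rc=0
    for opt in $REQUIRED_OPTS; do
        # Match the whole line so "# CONFIG_X is not set" and "=m" do not count.
        if ! printf '%s\n' "$cfg" | grep -qx "${opt}=y"; then
            printf '%s\n' "$opt"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: one of the three options is disabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_CGROUPS=y
CONFIG_CGROUP_SCHED=y
# CONFIG_CGROUP_CPUACCT is not set
CONFIG_CPUSETS=y
EOF

if missing=$(missing_cpu_opts "$sample"); then
    echo "all required options enabled"
else
    echo "CPU limit would not be enforceable, missing: $missing"
fi
rm -f "$sample"
```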