diff --git a/packer/riju.slice b/packer/riju.slice
index a6701206..c3e9ecae 100644
--- a/packer/riju.slice
+++ b/packer/riju.slice
@@ -3,12 +3,26 @@ Description=Resource limits for Riju user containers
 Before=slices.target
 [Slice]
+
+# t3.large instance has baseline CPU performance of 60% and is
+# burstable up to 200%. Reserve bursting for server + operating
+# system.
 CPUAccounting=true
-CPUQuota=100%
+CPUQuota=60%
+
+# t3.large instance has 8GB memory, so reserve 3GB for server +
+# operating system. Disable swap for now.
 MemoryAccounting=true
-MemoryMax=3G
-MemorySwapMax=8G
+MemoryMax=5G
+MemorySwapMax=0
+
+# Empirically, EC2 instances appear to have /proc/sys/kernel/pid_max
+# equal to 2^22 = 4194304. It should be safe to give about a tenth of
+# this space to user code.
 TasksAccounting=true
-TasksMax=2048
+TasksMax=400000
+
+# Attempt to deny access to EC2 Instance Metadata service from user
+# code.
 IPAccounting=true
 IPAddressDeny=169.254.169.254
diff --git a/system/src/riju-system-privileged.c b/system/src/riju-system-privileged.c
index 71fa5829..91f2025f 100644
--- a/system/src/riju-system-privileged.c
+++ b/system/src/riju-system-privileged.c
@@ -233,13 +233,11 @@ void session(char *uuid, char *lang, char *imageHash)
 "--name",
 container,
 "--cpus",
-"1",
+"0.6",
 "--memory",
 "1g",
-"--memory-swap",
-"8g",
 "--pids-limit",
-"2048",
+"4000",
 "--cgroup-parent",
 "riju.slice",
 "--label",
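Review bot: In packer/riju.slice, the new comment above `IPAddressDeny=169.254.169.254` calls the rule an "attempt" but does not say when it fails or what backs it up. systemd enforces `IPAddressDeny=` through cgroup BPF filtering, and as far as I know the unit still starts when that support is missing, so a kernel or cgroup-mode change could quietly remove the only barrier visible here between user code and the instance's metadata credentials. I would extend the comment, e.g. `# Best effort: has no effect without cgroup BPF support; the instance should also require IMDSv2 with a response hop limit of 1.`, and add a check run from inside a session container that the address is unreachable. The instance metadata options are not part of this diff, so whether that second layer already exists cannot be judged from here.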
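Review bot: In system/src/riju-system-privileged.c, dropping `"--memory-swap", "8g"` does not turn swap off for the container: with `--memory` set and `--memory-swap` unset, Docker allows swap equal to the memory limit, so up to 1g here. The no-swap policy then rests entirely on `MemorySwapMax=0` in riju.slice, which systemd only enforces on the unified cgroup hierarchy. To state the intent at the container level as well, keep the flag and set it equal to the memory limit, `"--memory-swap", "1g",` directly after `"--memory", "1g",`. Separately, `--cpus 0.6` equals the slice-wide `CPUQuota=60%`, so a single session can consume the CPU budget of every user container; if that is deliberate, a short comment next to the argument would say so. The argument list in session() starts and ends outside this hunk.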