diff --git a/backend/embassyd.service b/backend/embassyd.service
index 25ae177ff..1ed510586 100644
--- a/backend/embassyd.service
+++ b/backend/embassyd.service
@@ -9,6 +9,9 @@ Environment=RUST_LOG=embassyd=debug,embassy=debug
 ExecStart=/usr/local/bin/embassyd
 Restart=always
 RestartSec=3
+ManagedOOMPreference=avoid
+CPUAccounting=true
+CPUWeight=1000
 
 [Install]
 WantedBy=multi-user.target
diff --git a/build/docker-engine.slice b/build/docker-engine.slice
new file mode 100644
index 000000000..fd8f93ba4
--- /dev/null
+++ b/build/docker-engine.slice
@@ -0,0 +1,8 @@
+[Unit]
+Description=Slice that limits docker resources 
+Before=slices.target
+
+[Slice]
+MemoryAccounting=true
+MemoryHigh=80%
+MemoryMax=85%
diff --git a/build/initialization.sh b/build/initialization.sh
index 7be48b269..02634a41c 100755
--- a/build/initialization.sh
+++ b/build/initialization.sh
@@ -51,11 +51,12 @@ apt-get autoremove -y
 apt-get upgrade -y
 
 sed -i 's/Restart=on-failure/Restart=always/g' /lib/systemd/system/tor@default.service
+sed -i 's/ExecStart=\/usr\/bin\/dockerd/ExecStart=\/usr\/bin\/dockerd --exec-opt native.cgroupdriver=systemd/g' /lib/systemd/system/docker.service
 sed -i '/}/i \ \ \ \ application\/wasm \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ wasm;' /etc/nginx/mime.types
 sed -i 's/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 128;/g' /etc/nginx/nginx.conf
-# sed -i 's/ExecStart=\/sbin\/wpa_supplicant -u -s -O \/run\/wpa_supplicant/ExecStart=\/sbin\/wpa_supplicant -u -s -O \/run\/wpa_supplicant -c \/etc\/wpa_supplicant.conf -i wlan0/g' /lib/systemd/system/wpa_supplicant.service
 sed -i 's/#allow-interfaces=eth0/allow-interfaces=eth0,wlan0/g' /etc/avahi/avahi-daemon.conf
 echo "#" > /etc/network/interfaces
+echo '{ "cgroup-parent": "docker-engine.slice" }' > /etc/docker/daemon.json
 mkdir -p /etc/nginx/ssl
 
 # fix to suppress docker warning, fixed in 21.xx release of docker cli: https://github.com/docker/cli/pull/2934