diff --git a/src/apprt/gtk/cgroup.zig b/src/apprt/gtk/cgroup.zig
index b936d83a1..e767c9a23 100644
--- a/src/apprt/gtk/cgroup.zig
+++ b/src/apprt/gtk/cgroup.zig
@@ -71,6 +71,14 @@ pub fn init(app: *App) ![]const u8 {
         });
     }
 
+    // Configure the "max" pids limit. This is a hard limit and cannot be
+    // exceeded.
+    if (app.config.@"linux-cgroup-processes-limit") |limit| {
+        try internal_os.cgroup.configureProcessesLimit(surfaces, .{
+            .processes = limit,
+        });
+    }
+
     return transient;
 }
 
diff --git a/src/config/Config.zig b/src/config/Config.zig
index e5ee2bc22..7889e12a8 100644
--- a/src/config/Config.zig
+++ b/src/config/Config.zig
@@ -1276,6 +1276,13 @@ keybind: Keybinds = .{},
 /// pressure.
 @"linux-cgroup-memory-limit": ?u64 = null,
 
+/// Number of processes limit for any individual terminal process (tab, split,
+/// window, etc.). If this is unset then no limit will be set.
+///
+/// Note that this sets the "pids.max" configuration for the process number
+/// controller, which is a hard limit.
+@"linux-cgroup-processes-limit": ?u64 = null,
+
 /// If this is false, then any cgroup initialization (for linux-cgroup)
 /// will be allowed to fail and the failure is ignored. This is useful if
 /// you view cgroup isolation as a "nice to have" and not a critical resource
diff --git a/src/os/cgroup.zig b/src/os/cgroup.zig
index 5a4082b15..4b6b2335b 100644
--- a/src/os/cgroup.zig
+++ b/src/os/cgroup.zig
@@ -207,3 +207,30 @@ pub fn configureMemoryLimit(cgroup: []const u8, limit: MemoryLimit) !void {
     // Write our limit in bytes
     try file.writer().print("{}", .{size});
 }
+
+pub const ProcessesLimit = union(enum) {
+    /// pids.max
+    processes: usize,
+};
+
+/// Configure the number of processes for the given cgroup.
+pub fn configureProcessesLimit(cgroup: []const u8, limit: ProcessesLimit) !void {
+    assert(cgroup[0] == '/');
+
+    const filename, const size = switch (limit) {
+        .processes => |v| .{ "pids.max", v },
+    };
+
+    // Open our file
+    var buf: [std.fs.max_path_bytes]u8 = undefined;
+    const path = try std.fmt.bufPrint(
+        &buf,
+        "/sys/fs/cgroup{s}/{s}",
+        .{ cgroup, filename },
+    );
+    const file = try std.fs.cwd().openFile(path, .{ .mode = .write_only });
+    defer file.close();
+
+    // Write our limit in bytes
+    try file.writer().print("{}", .{size});
+}