diff --git a/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs b/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs
index cbde460a57..f4c42b0ba4 100644
--- a/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs
@@ -42,7 +42,6 @@ pub struct Container {
     agent: Arc<dyn Agent>,
     resource_manager: Arc<ResourceManager>,
     logger: slog::Logger,
-    pub linux_resources: Option<LinuxResources>,
 }
 
 impl Container {
@@ -52,7 +51,6 @@ impl Container {
         spec: oci::Spec,
         agent: Arc<dyn Agent>,
         resource_manager: Arc<ResourceManager>,
-        linux_resources: Option<LinuxResources>,
     ) -> Result<Self> {
         let container_id = ContainerID::new(&config.container_id).context("new container id")?;
         let logger = sl!().new(o!("container_id" => config.container_id.clone()));
@@ -66,6 +64,10 @@ impl Container {
             config.stderr.clone(),
             config.terminal,
         );
+        let linux_resources = spec
+            .linux
+            .as_ref()
+            .and_then(|linux| linux.resources.clone());
 
         Ok(Self {
             pid,
@@ -76,11 +78,11 @@ impl Container {
                 agent.clone(),
                 init_process,
                 logger.clone(),
+                linux_resources,
             ))),
             agent,
             resource_manager,
             logger,
-            linux_resources,
         })
     }
 
@@ -153,13 +155,11 @@ impl Container {
             .handler_devices(&config.container_id, linux)
             .await?;
 
-        // update cgroups
+        // update vcpus, mems and host cgroups
         self.resource_manager
             .update_linux_resource(
                 &config.container_id,
-                spec.linux
-                    .as_ref()
-                    .and_then(|linux| linux.resources.as_ref()),
+                inner.linux_resources.as_ref(),
                 ResourceUpdateOp::Add,
             )
             .await?;
@@ -327,7 +327,20 @@ impl Container {
         inner
             .stop_process(container_process, true, &device_manager)
             .await
-            .context("stop process")
+            .context("stop process")?;
+
+        // update vcpus, mems and host cgroups
+        if container_process.process_type == ProcessType::Container {
+            self.resource_manager
+                .update_linux_resource(
+                    &self.config.container_id,
+                    inner.linux_resources.as_ref(),
+                    ResourceUpdateOp::Del,
+                )
+                .await?;
+        }
+
+        Ok(())
     }
 
     pub async fn pause(&self) -> Result<()> {
@@ -402,6 +415,9 @@ impl Container {
     }
 
     pub async fn update(&self, resources: &LinuxResources) -> Result<()> {
+        let mut inner = self.inner.write().await;
+        inner.linux_resources = Some(resources.clone());
+        // update vcpus, mems and host cgroups
         self.resource_manager
             .update_linux_resource(
                 &self.config.container_id,
diff --git a/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container_inner.rs b/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container_inner.rs
index 12d4810fbb..bc478cbcdc 100644
--- a/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container_inner.rs
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container_inner.rs
@@ -14,6 +14,7 @@ use common::{
 };
 use hypervisor::device::device_manager::DeviceManager;
 use nix::sys::signal::Signal;
+use oci::LinuxResources;
 use resource::{rootfs::Rootfs, volume::Volume};
 use tokio::sync::RwLock;
 
@@ -32,10 +33,16 @@ pub struct ContainerInner {
     pub(crate) exec_processes: HashMap<String, Exec>,
     pub(crate) rootfs: Vec<Arc<dyn Rootfs>>,
     pub(crate) volumes: Vec<Arc<dyn Volume>>,
+    pub(crate) linux_resources: Option<LinuxResources>,
 }
 
 impl ContainerInner {
-    pub(crate) fn new(agent: Arc<dyn Agent>, init_process: Process, logger: slog::Logger) -> Self {
+    pub(crate) fn new(
+        agent: Arc<dyn Agent>,
+        init_process: Process,
+        logger: slog::Logger,
+        linux_resources: Option<LinuxResources>,
+    ) -> Self {
         Self {
             agent,
             logger,
@@ -43,6 +50,7 @@ impl ContainerInner {
             exec_processes: HashMap::new(),
             rootfs: vec![],
             volumes: vec![],
+            linux_resources,
         }
     }
 
diff --git a/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/manager.rs b/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/manager.rs
index 1b00713dd2..f5aa05e6c6 100644
--- a/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/manager.rs
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/manager.rs
@@ -60,17 +60,12 @@ impl VirtContainerManager {
 #[async_trait]
 impl ContainerManager for VirtContainerManager {
     async fn create_container(&self, config: ContainerConfig, spec: oci::Spec) -> Result<PID> {
-        let linux_resources = match spec.linux.clone() {
-            Some(linux) => linux.resources,
-            _ => None,
-        };
         let container = Container::new(
             self.pid,
             config.clone(),
             spec.clone(),
             self.agent.clone(),
             self.resource_manager.clone(),
-            linux_resources,
         )
         .context("new container")?;