7579933824
then every unshare(CLONE_NEWNS) system call causes a new entry to be created in /dev/cgroup/<pid>, which is not removed automatically. This can cause subsequent calls to unshare() to fail if the PID has wrapped around. Worse, a large number of entries in /dev/cgroup causes a very substantial system slowdown: doing 10,000 fork()/unshare(CLONE_NEWNS)/exit() calls took 21s without the "ns" subsystem, but 2m43s with it, and the system slows down permanently until the entries in /dev/cgroup are removed (going to a load of > 6 on my laptop). This is particularly important for Nix because its chroot feature uses unshare(CLONE_NEWNS). (http://yellowgrass.org/issue/Nix/219) svn path=/nixos/trunk/; revision=27216 |
||
---|---|---|
.. | ||
activation-script.nix | ||
no-clone.nix | ||
switch-to-configuration.sh | ||
top-level.nix |