7579933824
then every unshare(CLONE_NEWNS) system call causes a new entry to be created in /dev/cgroup/<pid>, which is not removed automatically. This can cause subsequent calls to unshare() to fail if the PID has wrapped around. Worse, a large number of entries in /dev/cgroup causes a very substantial system slowdown: doing 10,000 fork()/unshare(CLONE_NEWNS)/exit() calls took 21s without the "ns" subsystem, but 2m43s with it, and the system slows down permanently until the entries in /dev/cgroup are removed (going to a load of > 6 on my laptop). This is particularly important for Nix because its chroot feature uses unshare(CLONE_NEWNS). (http://yellowgrass.org/issue/Nix/219) svn path=/nixos/trunk/; revision=27216 |
||
---|---|---|
config | ||
hardware | ||
installer | ||
misc | ||
profiles | ||
programs | ||
security | ||
services | ||
system | ||
tasks | ||
testing | ||
virtualisation | ||
module-list.nix | ||
rename.nix |