From 7579933824e25626ebbf526fdaf3221d68cdfc86 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 11 May 2011 09:33:24 +0000 Subject: [PATCH] * Don't mount /dev/cgroup with the "ns" subsystem. If it's mounted, then every unshare(CLONE_NEWNS) system call causes a new entry to be created in /dev/cgroup/, which is not removed automatically. This can cause subsequent calls to unshare() to fail if the PID has wrapped around. Worse, a large number of entries in /dev/cgroup causes a very substantial system slowdown: doing 10,000 fork()/unshare(CLONE_NEWNS)/exit() calls took 21s without the "ns" subsystem, but 2m43s with it, and the system slows down permanently until the entries in /dev/cgroup are removed (going to a load of > 6 on my laptop). This is particularly important for Nix because its chroot feature uses unshare(CLONE_NEWNS). (http://yellowgrass.org/issue/Nix/219) svn path=/nixos/trunk/; revision=27216 --- modules/system/activation/activation-script.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/activation/activation-script.nix b/modules/system/activation/activation-script.nix index a8e67f8ebce..b2246a1447d 100644 --- a/modules/system/activation/activation-script.nix +++ b/modules/system/activation/activation-script.nix @@ -133,7 +133,7 @@ in '' if ! ${pkgs.sysvtools}/bin/mountpoint -q /dev/cgroup; then mkdir -p /dev/cgroup - ${pkgs.utillinux}/bin/mount -t cgroup none /dev/cgroup + ${pkgs.utillinux}/bin/mount -t cgroup -o freezer,cpuacct,cpu,cpuset none /dev/cgroup fi '';
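Review bot: The changed mount line with `-o freezer,cpuacct,cpu,cpuset` sits inside the `if ! ... mountpoint -q /dev/cgroup` guard, so it never runs on a system where /dev/cgroup is already mounted. On such a machine, switching to the new configuration skips the mount, and a hierarchy mounted earlier by the old `mount -t cgroup none /dev/cgroup` line keeps "ns" attached, along with the entries already accumulated, until a reboot or a manual unmount. Either handle the already-mounted case or say in the commit message that the fix only takes effect on a fresh mount. The option list is also an unexplained allowlist: a short comment above the mount line saying that "ns" is omitted on purpose, with the reason from the commit message, would keep someone from reverting to the bare mount later. It would also make explicit that any controller not named in the list is no longer attached to this hierarchy.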