Author: eelco Date: Wed May 11 09:33:24 2011 New Revision: 27216 URL: https://svn.nixos.org/websvn/nix/?rev=27216&sc=1
Log: * Don't mount /dev/cgroup with the "ns" subsystem. If it's mounted, then every unshare(CLONE_NEWNS) system call causes a new entry to be created in /dev/cgroup/<pid>, which is not removed automatically. This can cause subsequent calls to unshare() to fail if the PID has wrapped around. Worse, a large number of entries in /dev/cgroup causes a very substantial system slowdown: doing 10,000 fork()/unshare(CLONE_NEWNS)/exit() calls took 21s without the "ns" subsystem, but 2m43s with it, and the system slows down permanently until the entries in /dev/cgroup are removed (going to a load of > 6 on my laptop). This is particularly important for Nix because its chroot feature uses unshare(CLONE_NEWNS). (http://yellowgrass.org/issue/Nix/219) Modified: nixos/trunk/modules/system/activation/activation-script.nix Modified: nixos/trunk/modules/system/activation/activation-script.nix ============================================================================== --- nixos/trunk/modules/system/activation/activation-script.nix Tue May 10 14:36:10 2011 (r27215) +++ nixos/trunk/modules/system/activation/activation-script.nix Wed May 11 09:33:24 2011 (r27216) @@ -133,7 +133,7 @@ '' if ! ${pkgs.sysvtools}/bin/mountpoint -q /dev/cgroup; then mkdir -p /dev/cgroup - ${pkgs.utillinux}/bin/mount -t cgroup none /dev/cgroup + ${pkgs.utillinux}/bin/mount -t cgroup -o freezer,cpuacct,cpu,cpuset none /dev/cgroup fi ''; _______________________________________________ nix-commits mailing list [email protected] http://mail.cs.uu.nl/mailman/listinfo/nix-commits
