then every unshare(CLONE_NEWNS) system call causes a new entry to be
created in /dev/cgroup/<pid>, which is not removed automatically.
This can cause subsequent calls to unshare() to fail if the PID has
wrapped around. Worse, a large number of entries in /dev/cgroup
causes a very substantial system slowdown: doing 10,000
fork()/unshare(CLONE_NEWNS)/exit() calls took 21s without the "ns"
subsystem, but 2m43s with it, and the system slows down permanently
until the entries in /dev/cgroup are removed (going to a load of > 6
on my laptop).
This is particularly important for Nix because its chroot feature
uses unshare(CLONE_NEWNS). (http://yellowgrass.org/issue/Nix/219)
svn path=/nixos/trunk/; revision=27216
7579933824