GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

remove the CLONE_NEWNET isolation option as it's performance cost is too high

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2015-01-14 21:05:14 +01:00
parent 8989be49ef
commit 8b65df1ce3
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/system.c
View File

@@ -55,7 +55,12 @@ pid_t safe_fork(void)
{
#if defined(__linux__) && defined(ENABLE_LINUX_NS)
long ret;
int flags = SIGCHLD|CLONE_NEWPID|CLONE_NEWNET|CLONE_NEWIPC;
/* fork: 100%
* CLONE_NEWPID|CLONE_NEWNET|CLONE_NEWIPC: 3%
* CLONE_NEWPID|CLONE_NEWIPC: 27%
* CLONE_NEWPID: 36%
*/
int flags = SIGCHLD|CLONE_NEWPID|CLONE_NEWIPC;
ret = syscall(SYS_clone, flags, 0, 0, 0);
if (ret == 0 && syscall(SYS_getpid)!= 1)
return -1;