## Context In https://gitlab.com/gitlab-org/charts/gitlab/-/issues/5780#note_2919259190, we discussed whether we can make Gitaly operate **with** cgroups V2 but **without** permissions to invoke `clone3`. Gitaly invokes `clone3` because it has the ability to start a process directly in a target cgroup of choice. This helps prevent any jittering effects as we don't need to migrate a live process into a cgroup, and also ensures that resource usage is accounted for from the very beginning. We have a [SupportsCloneIntoCgroup()](https://gitlab.com/gitlab-org/gitaly/-/blob/4befce61b875b9c0175d1e4dc36df8a78d896a05/internal/cgroups/manager_linux.go#L157-L162) helper function which [essentially returns true](https://gitlab.com/gitlab-org/gitaly/-/blob/4befce61b875b9c0175d1e4dc36df8a78d896a05/internal/cgroups/v2_linux.go#L32) when cgroups v2 is in effect, and [false for cgroups v1](https://gitlab.com/gitlab-org/gitaly/-/blob/4befce61b875b9c0175d1e4dc36df8a78d896a05/internal/cgroups/v1_linux.go#L193-L195). ## Proposal Modify the cgroups v2 case to confirm that `clone3` is available for use. We should do this once on startup and cache the outcome, so we're not issuing a pointless syscall for every spawned command.