fix: Remove CLONE_VM flag

This appears to cause a growth in memory usage within gVisor.

Bug: N/A
Change-Id: I7e945b3c77b2a2d81b15155617e59925cb6f5778
GitOrigin-RevId: ffe763276a5b8a01193801aa0bfded55409db8d1

src/roma/byob/container/run_workers.cc

@@ -225,11 +225,10 @@ std::optional<PidExecutionTokenAndPivotRootDir> ConnectSendCloneAndExec(
   // 2^10 bytes) where unneeded.
   // https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/using-the-stack-in-aarch32-and-aarch64
   alignas(16) char stack[1 << 20];
-  const pid_t pid =
-      ::clone(WorkerImpl, stack + sizeof(stack),
-              CLONE_VM | CLONE_VFORK | CLONE_NEWIPC | CLONE_NEWPID | SIGCHLD |
-                  CLONE_NEWUTS | CLONE_NEWNS,
-              &worker_impl_arg);
+  const pid_t pid = ::clone(WorkerImpl, stack + sizeof(stack),
+                            CLONE_VFORK | CLONE_NEWIPC | CLONE_NEWPID |
+                                SIGCHLD | CLONE_NEWUTS | CLONE_NEWNS,
+                            &worker_impl_arg);
   if (pid == -1) {
     PLOG(ERROR) << "clone()";
     if (std::error_code ec; !std::filesystem::remove(pivot_root_dir, ec)) {

src/roma/byob/dispatcher/run_workers_without_sandbox.cc

@@ -116,7 +116,7 @@ std::optional<PidAndExecutionToken> ConnectSendCloneAndExec(
   // https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/using-the-stack-in-aarch32-and-aarch64
   alignas(16) char stack[1 << 20];
   const pid_t pid = ::clone(WorkerImpl, stack + sizeof(stack),
-                            CLONE_VM | CLONE_VFORK | SIGCHLD, &worker_impl_arg);
+                            CLONE_VFORK | SIGCHLD, &worker_impl_arg);
   if (pid == -1) {
     PLOG(ERROR) << "clone()";
     return std::nullopt;