COW fork — create lightweight clones of a sandboxed process.
The template process runs init_cmd to load expensive state, then
enters a fork-ready loop. The parent calls fork(N) to create N
COW clones that share memory pages with the template. Each clone
receives CLONE_ID=0..N-1 and execs work_cmd.
Uses the raw fork() syscall (NR 57 on x86_64) to bypass seccomp
notification — the BPF filter only intercepts clone/clone3.
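
The filter behaviour described above, as an added example (not the crate's own code): a minimal classic-BPF evaluator run over a constructed filter that returns SECCOMP_RET_USER_NOTIF for clone and clone3 and allows everything else, showing which process-creation syscalls reach the supervisor. The filter layout, the function names and the omitted architecture check are assumptions; the crate's actual BPF program is not shown on this page.

```rust
// Added example: constructed filter, not the crate's actual BPF program.
const LD_W_ABS: u16 = 0x20; // BPF_LD | BPF_W | BPF_ABS
const JEQ_K: u16 = 0x15; // BPF_JMP | BPF_JEQ | BPF_K
const RET_K: u16 = 0x06; // BPF_RET | BPF_K
const RET_ALLOW: u32 = 0x7fff_0000; // SECCOMP_RET_ALLOW
const RET_USER_NOTIF: u32 = 0x7fc0_0000; // SECCOMP_RET_USER_NOTIF

#[derive(Clone, Copy)]
struct Insn { code: u16, jt: u8, jf: u8, k: u32 }

/// Filter modeled on the description: notify on clone/clone3, allow the rest.
/// (A production filter would also check seccomp_data.arch; omitted here.)
fn notify_filter() -> Vec<Insn> {
    vec![
        Insn { code: LD_W_ABS, jt: 0, jf: 0, k: 0 }, // A = seccomp_data.nr
        Insn { code: JEQ_K, jt: 2, jf: 0, k: 56 },   // clone  -> notify
        Insn { code: JEQ_K, jt: 1, jf: 0, k: 435 },  // clone3 -> notify
        Insn { code: RET_K, jt: 0, jf: 0, k: RET_ALLOW },
        Insn { code: RET_K, jt: 0, jf: 0, k: RET_USER_NOTIF },
    ]
}

/// Evaluate the filter for one syscall number; None if the program is malformed.
fn evaluate(prog: &[Insn], nr: u32) -> Option<u32> {
    let (mut acc, mut pc) = (0u32, 0usize);
    while let Some(insn) = prog.get(pc) {
        pc += 1;
        match insn.code {
            LD_W_ABS if insn.k == 0 => acc = nr, // only offset 0 (nr) is modeled
            JEQ_K => {
                let off = if acc == insn.k { insn.jt } else { insn.jf };
                pc += off as usize;
            }
            RET_K => return Some(insn.k),
            _ => return None,
        }
    }
    None // fell off the end without a RET
}

/// x86_64 syscalls named in the description: is each handed to the supervisor?
fn audit(prog: &[Insn]) -> Vec<(&'static str, u32, bool)> {
    [("clone", 56), ("fork", 57), ("clone3", 435)]
        .iter()
        .map(|&(name, nr)| (name, nr, evaluate(prog, nr) == Some(RET_USER_NOTIF)))
        .collect()
}

fn main() {
    for (name, nr, notified) in audit(&notify_filter()) {
        println!("{name:<7} nr={nr:<4} {}", if notified { "USER_NOTIF" } else { "ALLOW" });
    }
}
```

Running the same audit against a real filter's instruction list is a quick way to confirm that the set of intercepted syscalls matches what the supervisor is expected to see.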