[systemd-devel] [PATCH] [RFC] Ignore OOMScoreAdjust in Linux containers

Richard Weinberger richard at nod.at
Mon Apr 7 12:47:51 PDT 2014


At least LXC does not allow the container root to change
the OOM Score adjust value.

Signed-off-by: Richard Weinberger <richard at nod.at>
---
Hi!

Within Linux containers we cannot use OOMScoreAdjust nor CapabilityBoundingSet (and maybe
more related settings).
This patch tells systemd to ignore OOMScoreAdjust if it detects
a container.

Are you fine with such a change?
Otherwise regular distros need a lot of changes in their .service files
to make them work within LXC.

As detect_virtualization() detects more than LXC we have to find out
whether OOMScoreAdjust cannot be used on OpenVZ and other containers as well.

I'd volunteer to identify all settings and send patches...

Thanks,
//richard

---
 src/core/load-fragment.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index c604f90..13f6107 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -59,6 +59,7 @@
 #include "bus-error.h"
 #include "errno-list.h"
 #include "af-list.h"
+#include "virt.h"
 
 #ifdef HAVE_SECCOMP
 #include "seccomp-util.h"
@@ -423,6 +424,12 @@ int config_parse_exec_oom_score_adjust(const char* unit,
         assert(rvalue);
         assert(data);
 
+        if (detect_virtualization(NULL) == VIRTUALIZATION_CONTAINER) {
+                log_syntax(unit, LOG_ERR, filename, line, EPERM,
+                           "Setting the OOM score adjust value is not allowed within containers");
+                return 0;
+        }
+
         r = safe_atoi(rvalue, &oa);
         if (r < 0) {
                 log_syntax(unit, LOG_ERR, filename, line, -r,
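Review bot: the container check sits ahead of `r = safe_atoi(rvalue, &oa);`, so inside a container a malformed OOMScoreAdjust value is no longer diagnosed, and every value is dropped on `detect_virtualization(NULL) == VIRTUALIZATION_CONTAINER` alone, which matches any detected container type and not only the ones known to refuse the setting (the cover note itself leaves OpenVZ and others open). Consider moving the check after the parse so syntax errors are still reported, and narrowing the condition to the container types confirmed to need it. The message is also logged at LOG_ERR with EPERM even though the function then returns 0 and the unit keeps loading; a warning level would match that behaviour better, and a short comment above the block saying why the setting is skipped would help future readers.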
-- 
1.8.4.2


