[systemd-devel] [PATCH 2/2] Make OOMScoreAdjust non-fatal in user namespaces
Stéphane Graber
stgraber at ubuntu.com
Thu Jan 8 11:27:36 PST 2015
In a user namespace, uid 0 is mapped to a non-root uid outside the
namespace. As a result, uid 0 in the namespace can only use the oom_adj
scores which a regular user can use, all others fail with EACCES.
This change makes it so that EACCES in a uid/gid shifted environment
only results in a log entry and isn't fatal to the startup of the unit.
---
src/core/execute.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 0af4227..490f8bc 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -87,6 +87,7 @@
#include "bus-endpoint.h"
#include "label.h"
#include "cap-list.h"
+#include "virt.h"
#ifdef HAVE_SECCOMP
#include "seccomp-util.h"
@@ -1411,9 +1412,15 @@ static int exec_child(ExecCommand *command,
snprintf(t, sizeof(t), "%i", context->oom_score_adjust);
char_array_0(t);
- if (write_string_file("/proc/self/oom_score_adj", t) < 0) {
- *error = EXIT_OOM_ADJUST;
- return -errno;
+ err = write_string_file("/proc/self/oom_score_adj", t);
+ if (err < 0) {
+ if (errno == EACCES && detect_userns()) {
+ log_unit_warning_errno(params->unit_id, err, "Failed to set OOM score due to lack of privileges in a user namespace: %m");
+ }
+ else {
+ *error = EXIT_OOM_ADJUST;
+ return -errno;
+ }
}
}
--
1.9.1
More information about the systemd-devel
mailing list