[systemd-devel] [PATCH 2/2] Make OOMScoreAdjust non-fatal in user namespaces

Stéphane Graber stgraber at ubuntu.com
Thu Jan 8 11:27:36 PST 2015


In a user namespace, uid 0 is mapped to a non-root uid outside the
namespace. As a result, uid 0 in the namespace can only use the oom_adj
scores which a regular user can use, all others fail with EACCES.

This change makes it so that EACCES in a uid/gid shifted environment
only results in a log entry and isn't fatal to the startup of the unit.
---
 src/core/execute.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/core/execute.c b/src/core/execute.c
index 0af4227..490f8bc 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -87,6 +87,7 @@
 #include "bus-endpoint.h"
 #include "label.h"
 #include "cap-list.h"
+#include "virt.h"
 
 #ifdef HAVE_SECCOMP
 #include "seccomp-util.h"
@@ -1411,9 +1412,15 @@ static int exec_child(ExecCommand *command,
                 snprintf(t, sizeof(t), "%i", context->oom_score_adjust);
                 char_array_0(t);
 
-                if (write_string_file("/proc/self/oom_score_adj", t) < 0) {
-                        *error = EXIT_OOM_ADJUST;
-                        return -errno;
+                err = write_string_file("/proc/self/oom_score_adj", t);
+                if (err < 0) {
+                        if (errno == EACCES && detect_userns()) {
+                                log_unit_warning_errno(params->unit_id, err, "Failed to set OOM score due to lack of privileges in a user namespace: %m");
+                        }
+                        else {
+                                *error = EXIT_OOM_ADJUST;
+                                return -errno;
+                        }
                 }
         }
 
-- 
1.9.1



More information about the systemd-devel mailing list