[lxc-users] OOMScoreAdjust= in dbus.service on systemd-based
Christian Brauner
christianvanbrauner at gmail.com
Fri Feb 6 12:52:40 UTC 2015
Patching the containers systemd with:
From: Lennart Poettering <lennart at poettering.net>
Date: Thu, 8 Jan 2015 23:12:16 +0100
Subject: core: make EPERM errors when applying OOM adjustment for forked
processes non-fatal
This should be useful for user namespaces.
---
src/core/execute.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 5e4135e..22b7862 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1359,12 +1359,16 @@ static int exec_child(ExecCommand *command,
}
if (context->oom_score_adjust_set) {
- char t[16];
+ char t[DECIMAL_STR_MAX(context->oom_score_adjust)];
- snprintf(t, sizeof(t), "%i", context->oom_score_adjust);
- char_array_0(t);
+ /* When we can't make this change due to EPERM, then
+ * let's silently skip over it. User namespaces
+ * prohibit write access to this file, and we
+ * shouldn't trip up over that. */
- if (write_string_file("/proc/self/oom_score_adj", t) < 0) {
+ sprintf(t, "%i", context->oom_score_adjust);
+ err = write_string_file("/proc/self/oom_score_adj", t);
+ if (err < 0 && err != -EPERM && err != -EACCES) {
*error = EXIT_OOM_ADJUST;
return -errno;
}
works
On Thu, Feb 05, 2015 at 10:51:26PM +0100, Christian Brauner wrote:
> On Thu, Feb 05, 2015 at 10:19:15PM +0100, Christian Brauner wrote:
> > On Thu, Feb 05, 2015 at 10:14:37PM +0100, Christian Brauner wrote:
> > > On Thu, Feb 05, 2015 at 09:25:12PM +0100, Christian Brauner wrote:
> > > > I hope so, I've just patched my systemd source code and it's currently
> > > > compiling. :) One thing I'm currently not clear about is whether the
> > > > host or the container systemd needs to be patched... I'll go with the
> > > > host. :)
> > > >
> > > > Christian
> > >
> > > I think this is the patch on cgit for systemd you were talking about,
> > > Serge?
> > > http://cgit.freedesktop.org/systemd/systemd/patch/?id=d5243d628624038567c576e9b69c1d775eb05a05
> > >
> > > I downloaded and succesfully applied it but systemd stills seems to be
> > > hanging no matter if I patch the host or the container... I'm just
> > > compiling it again to make sure I made no mistake. Did you already have
> > > the chance to test it yourself?
> > >
> > > Christian
> >
> > Starting the container without OOMScoreAdjust commented out gives me
> > (when I strace /sbin/init from the host):
> >
> > epoll_wait(4, {{EPOLLIN, {u32=3, u64=3}}}, 29, 0) = 1
> > clock_gettime(CLOCK_BOOTTIME, {2116, 108967782}) = 0
> > read(25, "\1\0\0\0\0\0\0\0", 8) = 8
> > timerfd_settime(25, TFD_TIMER_ABSTIME, {it_interval={0, 0}, it_value={2062, 785850000}}, NULL) = 0
> >
> > Christian
>
> If I boot with the OOMScoreAdjust in dbus.service enabled with the patched
> applied on the host and in the container and strace /sbin/init again I get:
>
> open("/sys/fs/cgroup/systemd/user.slice/user-1000.slice/session-c1.scope/chb/arch/system.slice/dbus.service/cgroup.procs", O_RDONLY|O_CLOEXEC) = 32
> fstat(32, {st_mode=S_IFREG|0644, st_size=5, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa470213000
> read(32, "232\n", 4096) = 4
> close(32) = 0
> munmap(0x7fa470213000, 4096) = 0
> open("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC) = 32
> ioctl(32, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
> ioctl(32, TIOCGWINSZ, {ws_row=49, ws_col=84, ws_xpixel=681, ws_ypixel=747}) = 0
> writev(32, [{"[", 1}, {"\33[32m OK \33[0m", 15}, {"] ", 2}, {"Started D-Bus System Message Bus"..., 33}, {"\n", 1}], 5) = 52
> close(32) = 0
> sendmsg(30, {msg_name(0)=NULL, msg_iov(9)=[{"PRIORITY=6\nSYSLOG_FACILITY=3\nCOD"..., 131}, {"UNIT=dbus.service", 17}, {"\n", 1}, {"MESSAGE_ID=39f53479d3a045ac8e117"..., 43}, {"\n", 1}, {"MESSAGE=Started D-Bus System Mes"..., 41}, {"\n", 1}, {"RESULT=done", 11}, {"\n", 1}], msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = 247
> epoll_ctl(4, EPOLL_CTL_DEL, 3, NULL) = 0
> socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 32
> setsockopt(32, SOL_SOCKET, SO_PASSCRED, [0], 4) = 0
> setsockopt(32, SOL_SOCKET, 0x22 /* SO_??? */, [0], 4) = 0
> getsockopt(32, SOL_SOCKET, SO_RCVBUF, [212992], [4]) = 0
> setsockopt(32, SOL_SOCKET, 0x21 /* SO_??? */, [8388608], 4) = -1 EPERM (Operation not permitted)
> setsockopt(32, SOL_SOCKET, SO_RCVBUF, [8388608], 4) = 0
> getsockopt(32, SOL_SOCKET, SO_SNDBUF, [212992], [4]) = 0
> setsockopt(32, SOL_SOCKET, 0x20 /* SO_??? */, [8388608], 4) = -1 EPERM (Operation not permitted)
> setsockopt(32, SOL_SOCKET, SO_SNDBUF, [8388608], 4) = 0
> connect(32, {sa_family=AF_LOCAL, sun_path="/var/run/dbus/system_bus_socket"}, 33) = 0
> getsockopt(32, SOL_SOCKET, SO_PEERCRED, {pid=1, uid=0, gid=0}, [12]) = 0
> fstat(32, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
> getsockopt(32, SOL_SOCKET, SO_ACCEPTCONN, [0], [4]) = 0
> getsockname(32, {sa_family=AF_LOCAL, NULL}, [2]) = 0
> geteuid() = 0
> sendmsg(32, {msg_name(0)=NULL, msg_iov(3)=[{"\0AUTH EXTERNAL ", 15}, {"30", 2}, {"\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", 28}], msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 45
> recvmsg(32, 0x7fffe704ddd0, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = -1 EAGAIN (Resource temporarily unavailable)
> ppoll([{fd=32, events=POLLIN}], 1, {24, 999780000}, NULL, 8^CProcess 11517 detached
> <detached ...>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150206/128348c6/attachment.sig>
More information about the lxc-users
mailing list