Browse code
Merge pull request #26690 from mwhudson/ignore-oom_score_adj-failure
Ignore failure to set oom_score_adj, as happens in an unprivileged container.
Justin Cormack authored on 2016/10/11 18:01:22Showing 2 changed files
| ... | ... |
@@ -37,6 +37,7 @@ import ( |
| 37 | 37 |
lntypes "github.com/docker/libnetwork/types" |
| 38 | 38 |
"github.com/golang/protobuf/ptypes" |
| 39 | 39 |
"github.com/opencontainers/runc/libcontainer/label" |
| 40 |
+ rsystem "github.com/opencontainers/runc/libcontainer/system" |
|
| 40 | 41 |
"github.com/opencontainers/runc/libcontainer/user" |
| 41 | 42 |
"github.com/opencontainers/runtime-spec/specs-go" |
| 42 | 43 |
"github.com/vishvananda/netlink" |
| ... | ... |
@@ -1168,7 +1169,18 @@ func setupOOMScoreAdj(score int) error {
|
| 1168 | 1168 |
if err != nil {
|
| 1169 | 1169 |
return err |
| 1170 | 1170 |
} |
| 1171 |
- _, err = f.WriteString(strconv.Itoa(score)) |
|
| 1171 |
+ |
|
| 1172 |
+ stringScore := strconv.Itoa(score) |
|
| 1173 |
+ _, err = f.WriteString(stringScore) |
|
| 1174 |
+ if os.IsPermission(err) {
|
|
| 1175 |
+ // Setting oom_score_adj does not work in an |
|
| 1176 |
+ // unprivileged container. Ignore the error, but log |
|
| 1177 |
+ // it if we appear not to be in that situation. |
|
| 1178 |
+ if !rsystem.RunningInUserNS() {
|
|
| 1179 |
+ logrus.Debugf("Permission denied writing %q to /proc/self/oom_score_adj", stringScore)
|
|
| 1180 |
+ } |
|
| 1181 |
+ return nil |
|
| 1182 |
+ } |
|
| 1172 | 1183 |
f.Close() |
| 1173 | 1184 |
return err |
| 1174 | 1185 |
} |
| ... | ... |
@@ -22,6 +22,7 @@ import ( |
| 22 | 22 |
"github.com/docker/docker/utils" |
| 23 | 23 |
"github.com/golang/protobuf/ptypes" |
| 24 | 24 |
"github.com/golang/protobuf/ptypes/timestamp" |
| 25 |
+ rsystem "github.com/opencontainers/runc/libcontainer/system" |
|
| 25 | 26 |
"golang.org/x/net/context" |
| 26 | 27 |
"google.golang.org/grpc" |
| 27 | 28 |
"google.golang.org/grpc/grpclog" |
| ... | ... |
@@ -429,12 +430,23 @@ func (r *remote) runContainerdDaemon() error {
|
| 429 | 429 |
} |
| 430 | 430 |
|
| 431 | 431 |
func setOOMScore(pid, score int) error {
|
| 432 |
- f, err := os.OpenFile(fmt.Sprintf("/proc/%d/oom_score_adj", pid), os.O_WRONLY, 0)
|
|
| 432 |
+ oomScoreAdjPath := fmt.Sprintf("/proc/%d/oom_score_adj", pid)
|
|
| 433 |
+ f, err := os.OpenFile(oomScoreAdjPath, os.O_WRONLY, 0) |
|
| 433 | 434 |
if err != nil {
|
| 434 | 435 |
return err |
| 435 | 436 |
} |
| 436 |
- _, err = f.WriteString(strconv.Itoa(score)) |
|
| 437 |
+ stringScore := strconv.Itoa(score) |
|
| 438 |
+ _, err = f.WriteString(stringScore) |
|
| 437 | 439 |
f.Close() |
| 440 |
+ if os.IsPermission(err) {
|
|
| 441 |
+ // Setting oom_score_adj does not work in an |
|
| 442 |
+ // unprivileged container. Ignore the error, but log |
|
| 443 |
+ // it if we appear not to be in that situation. |
|
| 444 |
+ if !rsystem.RunningInUserNS() {
|
|
| 445 |
+ logrus.Debugf("Permission denied writing %q to %s", stringScore, oomScoreAdjPath)
|
|
| 446 |
+ } |
|
| 447 |
+ return nil |
|
| 448 |
+ } |
|
| 438 | 449 |
return err |
| 439 | 450 |
} |
| 440 | 451 |
|