From 32f24bc3c59af530196d3613dcb55ffced964de4 Mon Sep 17 00:00:00 2001 From: Michael Hudson-Doyle Date: Mon, 19 Sep 2016 14:27:10 +1200 Subject: [PATCH 1/2] Ignore failure to set oom_score_adj, as happens in an unprivileged container. Signed-off-by: Michael Hudson-Doyle --- daemon/daemon_unix.go | 5 +++++ libcontainerd/remote_linux.go | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go index 4ed0594c6a..3402f77790 100644 --- a/daemon/daemon_unix.go +++ b/daemon/daemon_unix.go @@ -1148,6 +1148,11 @@ func setupOOMScoreAdj(score int) error { return err } _, err = f.WriteString(strconv.Itoa(score)) + if os.IsPermission(err) { + // Setting oom_score_adj does not work in an + // unprivileged container. Ignore the error. + return nil + } f.Close() return err } diff --git a/libcontainerd/remote_linux.go b/libcontainerd/remote_linux.go index e7fcb257b6..1689f90cc0 100644 --- a/libcontainerd/remote_linux.go +++ b/libcontainerd/remote_linux.go @@ -435,6 +435,11 @@ func setOOMScore(pid, score int) error { } _, err = f.WriteString(strconv.Itoa(score)) f.Close() + if os.IsPermission(err) { + // Setting oom_score_adj does not work in an + // unprivileged container. Ignore the error. + return nil + } return err } From 9ed54d3c674ea25d7e038a7506f68924aa8d39d6 Mon Sep 17 00:00:00 2001 From: Michael Hudson-Doyle Date: Wed, 21 Sep 2016 19:36:36 +1200 Subject: [PATCH 2/2] add log messages when write to oom_score_adj fails Signed-off-by: Michael Hudson-Doyle --- daemon/daemon_unix.go | 11 +++++++++-- libcontainerd/remote_linux.go | 13 ++++++++++--- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go index 3402f77790..9d8f48216f 100644 --- a/daemon/daemon_unix.go +++ b/daemon/daemon_unix.go @@ -37,6 +37,7 @@ import ( lntypes "github.com/docker/libnetwork/types" "github.com/golang/protobuf/ptypes" "github.com/opencontainers/runc/libcontainer/label" + rsystem "github.com/opencontainers/runc/libcontainer/system" "github.com/opencontainers/runc/libcontainer/user" "github.com/opencontainers/runtime-spec/specs-go" ) @@ -1147,10 +1148,16 @@ func setupOOMScoreAdj(score int) error { if err != nil { return err } - _, err = f.WriteString(strconv.Itoa(score)) + + stringScore := strconv.Itoa(score) + _, err = f.WriteString(stringScore) if os.IsPermission(err) { // Setting oom_score_adj does not work in an - // unprivileged container. Ignore the error. + // unprivileged container. Ignore the error, but log + // it if we appear not to be in that situation. + if !rsystem.RunningInUserNS() { + logrus.Debugf("Permission denied writing %q to /proc/self/oom_score_adj", stringScore) + } return nil } f.Close() diff --git a/libcontainerd/remote_linux.go b/libcontainerd/remote_linux.go index 1689f90cc0..06a726aa09 100644 --- a/libcontainerd/remote_linux.go +++ b/libcontainerd/remote_linux.go @@ -22,6 +22,7 @@ import ( "github.com/docker/docker/utils" "github.com/golang/protobuf/ptypes" "github.com/golang/protobuf/ptypes/timestamp" + rsystem "github.com/opencontainers/runc/libcontainer/system" "golang.org/x/net/context" "google.golang.org/grpc" "google.golang.org/grpc/grpclog" @@ -429,15 +430,21 @@ func (r *remote) runContainerdDaemon() error { } func setOOMScore(pid, score int) error { - f, err := os.OpenFile(fmt.Sprintf("/proc/%d/oom_score_adj", pid), os.O_WRONLY, 0) + oomScoreAdjPath := fmt.Sprintf("/proc/%d/oom_score_adj", pid) + f, err := os.OpenFile(oomScoreAdjPath, os.O_WRONLY, 0) if err != nil { return err } - _, err = f.WriteString(strconv.Itoa(score)) + stringScore := strconv.Itoa(score) + _, err = f.WriteString(stringScore) f.Close() if os.IsPermission(err) { // Setting oom_score_adj does not work in an - // unprivileged container. Ignore the error. + // unprivileged container. Ignore the error, but log + // it if we appear not to be in that situation. + if !rsystem.RunningInUserNS() { + logrus.Debugf("Permission denied writing %q to %s", stringScore, oomScoreAdjPath) + } return nil } return err