At least LXC does not allow the container root to change the OOM Score adjust value.
Signed-off-by: Richard Weinberger <[email protected]>
---
Hi!

Within Linux containers we cannot use OOMScoreAdjust nor CapabilityBoundingSet (and maybe more related settings). This patch tells systemd to ignore OOMScoreAdjust if it detects a container. Are you fine with such a change? Otherwise regular distros need a lot of changes in their .service file to make them work within LXC.

As detect_virtualization() detects more than LXC we have to find out whether OOMScoreAdjust cannot be used on OpenVZ and other containers as well. I'd volunteer to identify all settings and send patches...

Thanks,
//richard

--- src/core/load-fragment.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index c604f90..13f6107 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -59,6 +59,7 @@ #include "bus-error.h" #include "errno-list.h" #include "af-list.h" +#include "virt.h" #ifdef HAVE_SECCOMP #include "seccomp-util.h" @@ -423,6 +424,12 @@ int config_parse_exec_oom_score_adjust(const char* unit, assert(rvalue); assert(data); + if (detect_virtualization(NULL) == VIRTUALIZATION_CONTAINER) { + log_syntax(unit, LOG_ERR, filename, line, EPERM, + "Setting the OOM score adjust value is not allowed within containers"); + return 0; + } + r = safe_atoi(rvalue, &oa); if (r < 0) { log_syntax(unit, LOG_ERR, filename, line, -r, -- 1.8.4.2
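
Review bot: the container check added in the second hunk (config_parse_exec_oom_score_adjust) drops the setting for every VIRTUALIZATION_CONTAINER result, while the commit message only establishes the restriction for LXC ("At least LXC") and the cover note leaves OpenVZ and other containers open. Consider narrowing the condition to the container types where the write is known to fail, or leaving the parser alone and tolerating the failure at the point where the value is applied. Two smaller points on the same hunk: the early `return 0;` sits before `r = safe_atoi(rvalue, &oa);`, so inside a container a malformed OOMScoreAdjust value is no longer reported; and logging at LOG_ERR with EPERM for a setting that is then deliberately ignored will flag every stock unit that carries it, so a lower log level would fit better. The commit message should also state that the setting is ignored in containers rather than only describing the LXC behaviour.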
