containers · openshift-merge-robot · Mar 20, 2023 · Mar 16, 2023
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
@@ -37,6 +37,10 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 	}
 	s.Rlimits = append(rlimits, s.Rlimits...)
 
+	if s.OOMScoreAdj == nil {
+		s.OOMScoreAdj = rtc.Containers.OOMScoreAdj
+	}
+
 	// If joining a pod, retrieve the pod for use, and its infra container
 	var pod *libpod.Pod
 	var infra *libpod.Container

diff --git a/test/e2e/config/containers.conf b/test/e2e/config/containers.conf
@@ -12,6 +12,8 @@ default_ulimits = [
   "nofile=500:500",
 ]
 
+oom_score_adj=999
+
 # Environment variable list for the conmon process; used for passing necessary
 # environment variables to conmon or the runtime.
 #

diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go
@@ -70,6 +70,38 @@ var _ = Describe("Verify podman containers.conf usage", func() {
 
 	})
 
+	It("oom-score-adj", func() {
+		SkipIfRootlessCgroupsV1("Setting limits not supported on cgroupv1 for rootless users")
+		// containers.conf is set to "oom_score_adj=999"
+		session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "cat", "/proc/self/oom_score_adj"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(Equal("999"))
+
+		raw, err := os.ReadFile("/proc/self/oom_score_adj")
+		Expect(err).ToNot(HaveOccurred())
+
+		rawS := strings.TrimSuffix(string(raw), "\n")
+
+		// Reset CONTAINERS_CONF to "/dev/null"
+		// Local should go back to defaults but remote should be set on server side
+		os.Setenv("CONTAINERS_CONF", "/dev/null")
+		session = podmanTest.Podman([]string{"run", "--rm", ALPINE, "cat", "/proc/self/oom_score_adj"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		if IsRemote() {
+			Expect(session.OutputToString()).To(Equal("999"))
+		} else {
+			if isRootless() {
+				Expect(session.OutputToString()).To(ContainSubstring(rawS))
+			} else {
+				Expect(session.OutputToString()).To(ContainSubstring("0"))
+			}
+
+		}
+
+	})
+
 	It("having additional env", func() {
 		// containers.conf default env includes foo
 		session := podmanTest.Podman([]string{"run", ALPINE, "printenv"})

diff --git a/test/system/030-run.bats b/test/system/030-run.bats
@@ -840,6 +840,24 @@ EOF
     current_oom_score_adj=$(cat /proc/self/oom_score_adj)
     run_podman run --rm $IMAGE cat /proc/self/oom_score_adj
     is "$output" "$current_oom_score_adj" "different oom_score_adj in the container"
+
+    oomscore=$((current_oom_score_adj+1))
+    run_podman run --oom-score-adj=$oomscore --rm $IMAGE cat /proc/self/oom_score_adj
+    is "$output" "$oomscore" "one more then default oomscore"
+
+    skip_if_remote "containersconf needs to be set on server side"
+    oomscore=$((oomscore+1))
+    containersconf=$PODMAN_TMPDIR/containers.conf
+    cat >$containersconf <<EOF
+[containers]
+oom_score_adj=$oomscore
+EOF
+    CONTAINERS_CONF=$PODMAN_TMPDIR/containers.conf run_podman run --rm $IMAGE cat /proc/self/oom_score_adj
+    is "$output" "$oomscore" "two more then default oomscore"
+
+    oomscore=$((oomscore+1))
+    CONTAINERS_CONF=$PODMAN_TMPDIR/containers.conf run_podman run --oom-score-adj=$oomscore --rm $IMAGE cat /proc/self/oom_score_adj
+    is "$output" "$oomscore" "--oom-score-adj should overide containers.conf"
 }
 
 # CVE-2022-1227 : podman top joins container mount NS and uses nsenter from image