Merge pull request containers#17834 from rhatdan/ulimits
Add support for oom_score_adj value from containers.conf
openshift-merge-robot authored Mar 20, 2023
2 parents 060c125 + 46d1650 commit 39b0de1
Showing 4 changed files with 56 additions and 0 deletions.
4 changes: 4 additions & 0 deletions pkg/specgen/generate/container_create.go
Expand Up @@ -37,6 +37,10 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
}
s.Rlimits = append(rlimits, s.Rlimits...)

if s.OOMScoreAdj == nil {
s.OOMScoreAdj = rtc.Containers.OOMScoreAdj
}

// If joining a pod, retrieve the pod for use, and its infra container
var pod *libpod.Pod
var infra *libpod.Container
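Review bot: The containers.conf default is stored at `s.OOMScoreAdj = rtc.Containers.OOMScoreAdj` without any check in this hunk, so an out-of-range value (the kernel accepts -1000 to 1000) or, for a rootless caller, a value below the caller's own score would only surface later as a runtime failure; if validation happens elsewhere it is not visible here. Because the field is compared with nil, the assignment appears to share the config's pointer with the spec; copying the value under a nil check (`adj := *rtc.Containers.OOMScoreAdj; s.OOMScoreAdj = &adj`) would keep later writes to the spec from changing the runtime default. A comment such as `// Fall back to the containers.conf default when --oom-score-adj was not given.` would document the precedence. MakeContainer's body starts and ends outside the hunk.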
2 changes: 2 additions & 0 deletions test/e2e/config/containers.conf
Expand Up @@ -12,6 +12,8 @@ default_ulimits = [
"nofile=500:500",
]

oom_score_adj=999

# Environment variable list for the conmon process; used for passing necessary
# environment variables to conmon or the runtime.
#
32 changes: 32 additions & 0 deletions test/e2e/containers_conf_test.go
Expand Up @@ -70,6 +70,38 @@ var _ = Describe("Verify podman containers.conf usage", func() {

})

It("oom-score-adj", func() {
SkipIfRootlessCgroupsV1("Setting limits not supported on cgroupv1 for rootless users")
// containers.conf is set to "oom_score_adj=999"
session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "cat", "/proc/self/oom_score_adj"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(Equal("999"))

raw, err := os.ReadFile("/proc/self/oom_score_adj")
Expect(err).ToNot(HaveOccurred())

rawS := strings.TrimSuffix(string(raw), "\n")

// Reset CONTAINERS_CONF to "/dev/null"
// Local should go back to defaults but remote should be set on server side
os.Setenv("CONTAINERS_CONF", "/dev/null")
session = podmanTest.Podman([]string{"run", "--rm", ALPINE, "cat", "/proc/self/oom_score_adj"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
if IsRemote() {
Expect(session.OutputToString()).To(Equal("999"))
} else {
if isRootless() {
Expect(session.OutputToString()).To(ContainSubstring(rawS))
} else {
Expect(session.OutputToString()).To(ContainSubstring("0"))
}

}

})

It("having additional env", func() {
// containers.conf default env includes foo
session := podmanTest.Podman([]string{"run", ALPINE, "printenv"})
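Review bot: The fallback assertions `To(ContainSubstring("0"))` and `To(ContainSubstring(rawS))` in the "oom-score-adj" spec are too loose to show that the default was restored, since an output of `100` or `-500` also contains `0`. `Expect(session.OutputToString()).To(Equal("0"))` and `To(Equal(rawS))` would pin the value the same way the first half of the spec does with `Equal("999")`. The return value of `os.Setenv("CONTAINERS_CONF", "/dev/null")` is dropped and the variable is not restored inside the spec, so unless the suite's setup resets it (not visible in this hunk) later specs inherit the override.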
18 changes: 18 additions & 0 deletions test/system/030-run.bats
Expand Up @@ -840,6 +840,24 @@ EOF
current_oom_score_adj=$(cat /proc/self/oom_score_adj)
run_podman run --rm $IMAGE cat /proc/self/oom_score_adj
is "$output" "$current_oom_score_adj" "different oom_score_adj in the container"

oomscore=$((current_oom_score_adj+1))
run_podman run --oom-score-adj=$oomscore --rm $IMAGE cat /proc/self/oom_score_adj
is "$output" "$oomscore" "one more then default oomscore"

skip_if_remote "containersconf needs to be set on server side"
oomscore=$((oomscore+1))
containersconf=$PODMAN_TMPDIR/containers.conf
cat >$containersconf <<EOF
[containers]
oom_score_adj=$oomscore
EOF
CONTAINERS_CONF=$PODMAN_TMPDIR/containers.conf run_podman run --rm $IMAGE cat /proc/self/oom_score_adj
is "$output" "$oomscore" "two more then default oomscore"

oomscore=$((oomscore+1))
CONTAINERS_CONF=$PODMAN_TMPDIR/containers.conf run_podman run --oom-score-adj=$oomscore --rm $IMAGE cat /proc/self/oom_score_adj
is "$output" "$oomscore" "--oom-score-adj should overide containers.conf"
}

# CVE-2022-1227 : podman top joins container mount NS and uses nsenter from image
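Review bot: The test derives its values by adding to the caller's own score (`oomscore=$((current_oom_score_adj+1))`, followed by two more increments), so a runner whose oom_score_adj is already 998 or higher would request a value above the kernel maximum of 1000 and fail for reasons unrelated to the change; skipping when there is no headroom, or choosing the value relative to the limit, would avoid that. The two `CONTAINERS_CONF=$PODMAN_TMPDIR/containers.conf` invocations could reuse the variable defined just above them, quoted as `CONTAINERS_CONF="$containersconf"`, and `cat >"$containersconf"` should be quoted as well. The messages `one more then default oomscore`, `two more then default oomscore` and `should overide containers.conf` contain typos (`than`, `override`). The enclosing test function starts outside the hunk.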
