sys: un-export runningPrivileged(), remove runningUnprivileged()

These are currently only used inside this package, so we might as well un-export them until we need them elsewhere. Also updated SetOOMScore() to first check for privileged; check for privileged looks to be the "faster" path, and checking it first could (in case of non- privileged) save having to read and parse /proc/self/uid_map. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-23 11:00:24 +01:00
parent 8b00eafcaa
commit badd60d3f6
4 changed files with 11 additions and 37 deletions
--- a/sys/oom_linux.go
+++ b/sys/oom_linux.go
@@ -24,6 +24,7 @@ import (
 	"strings"

 	"github.com/containerd/containerd/pkg/userns"
+	"golang.org/x/sys/unix"
 )

 const (
@@ -42,7 +43,7 @@ func SetOOMScore(pid, score int) error {
 	}
 	defer f.Close()
 	if _, err = f.WriteString(strconv.Itoa(score)); err != nil {
-		if os.IsPermission(err) && (userns.RunningInUserNS() || RunningUnprivileged()) {
+		if os.IsPermission(err) && (!runningPrivileged() || userns.RunningInUserNS()) {
 			return nil
 		}
 		return err
@@ -59,3 +60,9 @@ func GetOOMScoreAdj(pid int) (int, error) {
 	}
 	return strconv.Atoi(strings.TrimSpace(string(data)))
 }
+
+// runningPrivileged returns true if the effective user ID of the
+// calling process is 0
+func runningPrivileged() bool {
+	return unix.Geteuid() == 0
+}