544b985ff2
This allows non-privileged users to use containerd. If a non root user tried to set a negative oom score adjustment, it will fail. Containerd should not fail if running rootless. This is part of a larger track of work integrating containerd into Cloudfoundry's garden with support for rootless. [#156343443] Signed-off-by: Danail Branekov <danailster@gmail.com>
48 lines
1.3 KiB
Go
48 lines
1.3 KiB
Go
// +build !windows
|
|
|
|
/*
|
|
Copyright The containerd Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package sys
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"strconv"
|
|
|
|
"github.com/opencontainers/runc/libcontainer/system"
|
|
)
|
|
|
|
// OOMScoreMaxKillable is the maximum score keeping the process killable by the oom killer
|
|
const OOMScoreMaxKillable = -999
|
|
|
|
// SetOOMScore sets the oom score for the provided pid
|
|
func SetOOMScore(pid, score int) error {
|
|
path := fmt.Sprintf("/proc/%d/oom_score_adj", pid)
|
|
f, err := os.OpenFile(path, os.O_WRONLY, 0)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer f.Close()
|
|
if _, err = f.WriteString(strconv.Itoa(score)); err != nil {
|
|
if os.IsPermission(err) && (system.RunningInUserNS() || RunningUnprivileged()) {
|
|
return nil
|
|
}
|
|
return err
|
|
}
|
|
return nil
|
|
}
|