unprivileged containers (Serge Hallyn) Reply-To: In-Reply-To: <[email protected]>
On Thu, Feb 05, 2015 at 04:54:55PM +0000, [email protected] wrote:
> Date: Thu, 5 Feb 2015 15:58:45 +0000
> From: Serge Hallyn <[email protected]>
> To: LXC users mailing-list <[email protected]>
> Subject: Re: [lxc-users] OOMScoreAdjust= in dbus.service on systemd-based
>   unprivileged containers
>
> https://www.mail-archive.com/[email protected]/msg26524.html
>
> ?

I did not see this. Systemd 218-1 on Archlinux does not yet include this
patch as no new system version has been released.

Best,
Christian

>
> Quoting Christian Brauner ([email protected]):
> > Hello,
> >
> > In the past I had troubles getting systemd-based unprivileged containers
> > such as Archlinux or Debian Jessie to boot. On the other hand some
> > systemd-based unpriv. containers such as Ubuntu Vivid worked fine and
> > out of the box. (But I remember Stephane once saying that they were
> > somehow patched.)
> >
> > With a little trick I can now also get Archlinux unpriv. containers
> > booting out of the box, meaning I pacstrap a file-system and then use
> > uidmapshift to map ids and gids or create a privileged one with the LXC
> > template and then uidmapshift them.
> >
> > For this to work the dbus.service file in the unpriv. Archlinux
> > container under /usr/lib/systemd/system/ must be patched. It contains
> > the entry:
> >
> >     OOMScoreAdjust=-900
> >
> > where OOMScoreAdjust
> >
> > "Sets the adjustment level for the Out-Of-Memory killer for executed
> > processes. Takes an integer between -1000 (to disable OOM killing
> > for this process) and 1000 (to make killing of this process under
> > memory pressure very likely). See proc.txt for details."
> >
> > (I won't get into detail here as all the relevant parts can be found
> > under: https://www.kernel.org/doc/Documentation/filesystems/proc.txt)
> >
> > The OOMScoreAdjust score of each process can be seen by doing
> >
> >     cat /proc/PID/oom_adj
> >     cat /proc/PID/oom_score
> >     cat /proc/PID/oom_score_adj
> >
> > E.g. the values for dbus-daemon on an Archlinux host will look like
> > this:
> >
> >     cat /proc/PID/oom_adj
> >
> > will be -15 (It is only there for backwards compatibility with older
> > kernels where the oom adjustment was made there.).
> >
> >     cat /proc/PID/oom_score_adj
> >
> > will be -900 as specified in dbus.service on Archlinux.
> >
> > Finally,
> >
> >     cat /proc/PID/oom_score
> >
> > will be 0.
> >
> > Both values, -15 and -900 make dbus one of the few processes that is
> > killed last when out of memory.
> >
> > All unprivileged containers I have run so far (Ubuntu Vivid, Debian
> > Jessie) even though they may have the line OOMScoreAdjust in their
> > dbus.service file do not adjust this value meaning when they boot they
> > show 0 on all three fields under proc.
> >
> > When disabling OOMScoreAdjust in the Archlinux dbus.service file of the
> > unpriv. container the boot will be immediately successful and all three
> > values under proc will show 0 just as for an Ubuntu Vivid or Debian
> > Jessie unpriv. container.
> >
> > So it seems that during boot systemd in Archlinux is trying to adjust
> > the oom score under its /proc tree for dbus but somehow fails.
> >
> > Maybe this will help some people. Should I also file this on LXC github?
> >
> > Best,
> > Christian
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
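The comparison described in the message above (the value dbus.service requests versus what /proc reports for the running process), as an added example that is not part of the thread. The function names, the optional PROC_ROOT argument and the fixture with PID 42 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check whether the OOMScoreAdjust= a unit
# file requests was actually applied to a running process.

# Print the last OOMScoreAdjust= value in a unit file (nothing if unset).
# Commented-out lines do not match; drop-in overrides are not consulted.
unit_oom_adjust() {
    sed -n 's/^[[:space:]]*OOMScoreAdjust=[[:space:]]*\(-\{0,1\}[0-9][0-9]*\)[[:space:]]*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# check_oom_applied UNIT_FILE PID [PROC_ROOT]
# Returns 0 if oom_score_adj matches the unit, 1 if it differs,
# 2 if the unit requests nothing or the proc file cannot be read.
check_oom_applied() {
    unit_file=$1 pid=$2 proc_root=${3:-/proc}
    want=$(unit_oom_adjust "$unit_file")
    [ -n "$want" ] || { echo "unit requests no OOMScoreAdjust"; return 2; }
    have=$(cat "$proc_root/$pid/oom_score_adj" 2>/dev/null) ||
        { echo "cannot read oom_score_adj for pid $pid"; return 2; }
    if [ "$have" = "$want" ]; then
        echo "applied: oom_score_adj=$have"
    else
        echo "not applied: unit requests $want, process has $have"
        return 1
    fi
}

# Constructed fixture: a minimal dbus.service and a fake proc entry for PID 42
# whose oom_score_adj is $2, so the check can be exercised offline.
make_fixture() {
    mkdir -p "$1/proc/42"
    printf '[Service]\nOOMScoreAdjust=-900\n' > "$1/dbus.service"
    printf '%s\n' "$2" > "$1/proc/42/oom_score_adj"
}

# Real use: sh check.sh /usr/lib/systemd/system/dbus.service PID
if [ "$#" -ge 2 ]; then
    check_oom_applied "$@"
fi
```

Exit status 1 corresponds to the case reported above, where the unit carries OOMScoreAdjust but /proc shows 0; status 2 is what a unit with the line disabled produces.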
