In a user namespace, uid 0 is mapped to a non-root uid outside the namespace. As a result, uid 0 in the namespace can only use the oom_adj scores that a regular user can use; all others fail with EACCES.
This change makes it so that EACCES in a uid/gid shifted environment only results in a log entry and isn't fatal to the startup of the unit.
---
 src/core/execute.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 0af4227..490f8bc 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -87,6 +87,7 @@
 #include "bus-endpoint.h"
 #include "label.h"
 #include "cap-list.h"
+#include "virt.h"
 #ifdef HAVE_SECCOMP
 #include "seccomp-util.h"
@@ -1411,9 +1412,15 @@ static int exec_child(ExecCommand *command,
 snprintf(t, sizeof(t), "%i", context->oom_score_adjust);
 char_array_0(t);
- if (write_string_file("/proc/self/oom_score_adj", t) < 0) {
- *error = EXIT_OOM_ADJUST;
- return -errno;
+ err = write_string_file("/proc/self/oom_score_adj", t);
+ if (err < 0) {
+ if (errno == EACCES && detect_userns()) {
+ log_unit_warning_errno(params->unit_id, err, "Failed to set OOM score due to lack of privileges in a user namespace: %m");
+ }
+ else {
+ *error = EXIT_OOM_ADJUST;
+ return -errno;
+ }
 }
 }
--
1.9.1
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
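Review bot: In the second hunk the new branch tests `errno == EACCES` and the else path still does `return -errno`, but `detect_userns()` runs in between and may overwrite errno (its body is not on this page), so an EACCES outside a user namespace could be returned as a different code or even 0, which a caller would presumably read as success. The result is already captured in `err`, and the `log_unit_warning_errno(..., err, ...)` call implies it is a negative errno-style code, so the check would be safer as `if (err == -EACCES && detect_userns() > 0)` with `return err;` in the else branch. The `> 0` matters if the helper can report a detection error as a negative value, since a bare truth test would then treat that error as "in a user namespace" and skip the failure. Because the unit now starts with an OOM score other than the configured one, the warning should also print the requested `context->oom_score_adjust` so the unapplied setting is visible in the logs. The declaration of `err` and the rest of exec_child lie outside the hunk.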