Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[24.0 backport] Limit OOMScoreAdj when running in UserNS ("Rootful-in-Rootless") #46626

Merged
merged 1 commit into from Oct 12, 2023
Merged

[24.0 backport] Limit OOMScoreAdj when running in UserNS ("Rootful-in-Rootless") #46626

merged 1 commit into from Oct 12, 2023

Conversation

AkihiroSuda
Copy link
Member

@AkihiroSuda
Limit OOMScoreAdj when running in UserNS ("Rootful-in-Rootless")
58c1c7b 
Fix issue 46563 "Rootful-in-Rootless dind doesn't work since systemd v250 (due to oom score adj)"

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit ad87727)
> Conflicts:
>	daemon/oci_linux.go
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
@AkihiroSuda AkihiroSuda added the area/rootless Rootless mode label Oct 11, 2023
@AkihiroSuda AkihiroSuda added this to the 24.0.7 milestone Oct 12, 2023
@thaJeztah
Copy link
Member

Cherry-pick (non-clean):

The "non-clean" diff between both patches;

git diff --no-index 46564.txt 46626.txt
diff --git a/46564.txt b/46626.txt
index 51f60140fe..a90ef7589a 100644
--- a/46564.txt
+++ b/46626.txt
@@ -1,4 +1,4 @@
-From ad877271f32573aefb2b6abdca67b8cc692c980e Mon Sep 17 00:00:00 2001
+From 58c1c7b8dc027d102abaf0ebbc1de2d572c393ba Mon Sep 17 00:00:00 2001
 From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Date: Fri, 29 Sep 2023 20:31:22 +0900
 Subject: [PATCH] Limit OOMScoreAdj when running in UserNS
@@ -6,6 +6,10 @@ Subject: [PATCH] Limit OOMScoreAdj when running in UserNS

 Fix issue 46563 "Rootful-in-Rootless dind doesn't work since systemd v250 (due to oom score adj)"

+Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
+(cherry picked from commit ad877271f32573aefb2b6abdca67b8cc692c980e)
+> Conflicts:
+>      daemon/oci_linux.go
 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 ---
  daemon/oci_linux.go                     | 11 +++++++++++
@@ -13,10 +17,10 @@ Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
  2 files changed, 25 insertions(+)

 diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go
-index fc19ca04e012..45f19026aa18 100644
+index 64a7d3bdf2b9..0020c09c152d 100644
 --- a/daemon/oci_linux.go
 +++ b/daemon/oci_linux.go
-@@ -110,6 +110,15 @@ func withRootless(daemon *Daemon, daemonCfg *dconfig.Config) coci.SpecOpts {
+@@ -113,6 +113,15 @@ func WithRootless(daemon *Daemon) coci.SpecOpts {
        }
  }

@@ -32,21 +36,21 @@ index fc19ca04e012..45f19026aa18 100644
  // WithOOMScore sets the oom score
  func WithOOMScore(score *int) coci.SpecOpts {
        return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
-@@ -1126,6 +1135,8 @@ func (daemon *Daemon) createSpec(ctx context.Context, daemonCfg *configStore, c
+@@ -1091,6 +1100,8 @@ func (daemon *Daemon) createSpec(ctx context.Context, c *container.Container) (r
        }
-       if daemonCfg.Rootless {
-               opts = append(opts, withRootless(daemon, &daemonCfg.Config))
+       if daemon.configStore.Rootless {
+               opts = append(opts, WithRootless(daemon))
 +      } else if userns.RunningInUserNS() {
-+              opts = append(opts, withRootfulInRootless(daemon, &daemonCfg.Config))
++              opts = append(opts, withRootfulInRootless(daemon, daemon.configStore))
        }

        var snapshotter, snapshotKey string
 diff --git a/pkg/rootless/specconv/specconv_linux.go b/pkg/rootless/specconv/specconv_linux.go
-index d66b67f381b5..9a8db2da0162 100644
+index 06f55ef13d78..4cf54d19a83e 100644
 --- a/pkg/rootless/specconv/specconv_linux.go
 +++ b/pkg/rootless/specconv/specconv_linux.go
-@@ -13,6 +13,20 @@ import (
-       specs "github.com/opencontainers/runtime-spec/specs-go"
+@@ -12,6 +12,20 @@ import (
+       "github.com/sirupsen/logrus"
  )

 +// ToRootfulInRootless is used for "rootful-in-rootless" dind;

thaJeztah
thaJeztah approved these changes Oct 12, 2023
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@thaJeztah thaJeztah merged commit f9b8a35 into moby:24.0 Oct 12, 2023
102 checks passed
@AkihiroSuda AkihiroSuda mentioned this pull request Oct 20, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpuguy83 cpuguy83 cpuguy83 approved these changes

@thaJeztah thaJeztah thaJeztah approved these changes

Assignees
No one assigned
Labels
area/rootless Rootless mode
Projects
None yet
Milestone
24.0.7
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@AkihiroSuda @thaJeztah @cpuguy83