jail: /proc/$pid/oom_score_adj to OCI defined oomScoreAdj

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

diff --git a/jail/jail.c b/jail/jail.c
index df990f1bac94a8902a3574e51073f937029b2b9c..62da3ec64769fce2b08f38c862efdd85dfafd1b6 100644 (file)
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -117,6 +117,8 @@ static struct {
                struct hook_execvpe **poststop;
        } hooks;
        struct rlimit *rlimits[RLIM_NLIMITS];
+       int oom_score_adj;
+       bool set_oom_score_adj;
 } opts;
 
 static void free_hooklist(struct hook_execvpe **hooklist)
@@ -1416,6 +1418,7 @@ enum {
        OCI_PROCESS_CAPABILITIES,
        OCI_PROCESS_CWD,
        OCI_PROCESS_ENV,
+       OCI_PROCESS_OOMSCOREADJ,
        OCI_PROCESS_NONEWPRIVILEGES,
        OCI_PROCESS_RLIMITS,
        OCI_PROCESS_TERMINAL,
@@ -1428,6 +1431,7 @@ static const struct blobmsg_policy oci_process_policy[] = {
        [OCI_PROCESS_CAPABILITIES] = { "capabilities", BLOBMSG_TYPE_TABLE },
        [OCI_PROCESS_CWD] = { "cwd", BLOBMSG_TYPE_STRING },
        [OCI_PROCESS_ENV] = { "env", BLOBMSG_TYPE_ARRAY },
+       [OCI_PROCESS_OOMSCOREADJ] = { "oomScoreAdj", BLOBMSG_TYPE_INT32 },
        [OCI_PROCESS_NONEWPRIVILEGES] = { "noNewPrivileges", BLOBMSG_TYPE_BOOL },
        [OCI_PROCESS_RLIMITS] = { "rlimits", BLOBMSG_TYPE_ARRAY },
        [OCI_PROCESS_TERMINAL] = { "terminal", BLOBMSG_TYPE_BOOL },
@@ -1472,6 +1476,11 @@ static int parseOCIprocess(struct blob_attr *msg)
            (res = parseOCIrlimits(tb[OCI_PROCESS_RLIMITS])))
                return res;
 
+       if (tb[OCI_PROCESS_OOMSCOREADJ]) {
+               opts.oom_score_adj = blobmsg_get_u32(tb[OCI_PROCESS_OOMSCOREADJ]);
+               opts.set_oom_score_adj = true;
+       }
+
        return 0;
 }
 
@@ -1808,6 +1817,25 @@ static int parseOCI(const char *jsonfile)
        return 0;
 }
 
+static int set_oom_score_adj(void)
+{
+       int f;
+       char fname[32];
+
+       if (!opts.set_oom_score_adj)
+               return 0;
+
+       snprintf(fname, sizeof(fname), "/proc/%u/oom_score_adj", jail_process.pid);
+       f = open(fname, O_WRONLY | O_TRUNC);
+       if (f == -1)
+               return errno;
+
+       dprintf(f, "%d", opts.oom_score_adj);
+       close(f);
+
+       return 0;
+}
+
 int main(int argc, char **argv)
 {
        sigset_t sigmask;
@@ -2047,6 +2075,8 @@ int main(int argc, char **argv)
                        return -1;
                }
                close(pipes[0]);
+               set_oom_score_adj();
+
                if (opts.namespace & CLONE_NEWUSER) {
                        if (write_setgroups(jail_process.pid, true)) {
                                ERROR("can't write setgroups\n");