Add support for oom_score_adj value from containers.conf

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-06-21 09:28:09 +08:00 · 2023-03-16 16:54:24 -04:00
parent f1bcd0d781
commit 46d1650403
4 changed files with 56 additions and 0 deletions
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@ -37,6 +37,10 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 	}
 	s.Rlimits = append(rlimits, s.Rlimits...)
 	if s.OOMScoreAdj == nil {
 		s.OOMScoreAdj = rtc.Containers.OOMScoreAdj
 	}
 	// If joining a pod, retrieve the pod for use, and its infra container
 	var pod *libpod.Pod
 	var infra *libpod.Container
--- a/test/e2e/config/containers.conf
+++ b/test/e2e/config/containers.conf
@ -12,6 +12,8 @@ default_ulimits = [
  "nofile=500:500",
 ]
 oom_score_adj=999
 # Environment variable list for the conmon process; used for passing necessary
 # environment variables to conmon or the runtime.
 #
--- a/test/e2e/containers_conf_test.go
+++ b/test/e2e/containers_conf_test.go
@ -70,6 +70,38 @@ var _ = Describe("Verify podman containers.conf usage", func() {
 	})
 	It("oom-score-adj", func() {
 		SkipIfRootlessCgroupsV1("Setting limits not supported on cgroupv1 for rootless users")
 		// containers.conf is set to "oom_score_adj=999"
 		session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "cat", "/proc/self/oom_score_adj"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		Expect(session.OutputToString()).To(Equal("999"))
 		raw, err := os.ReadFile("/proc/self/oom_score_adj")
 		Expect(err).ToNot(HaveOccurred())
 		rawS := strings.TrimSuffix(string(raw), "\n")
 		// Reset CONTAINERS_CONF to "/dev/null"
 		// Local should go back to defaults but remote should be set on server side
 		os.Setenv("CONTAINERS_CONF", "/dev/null")
 		session = podmanTest.Podman([]string{"run", "--rm", ALPINE, "cat", "/proc/self/oom_score_adj"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		if IsRemote() {
 			Expect(session.OutputToString()).To(Equal("999"))
 		} else {
 			if isRootless() {
 				Expect(session.OutputToString()).To(ContainSubstring(rawS))
 			} else {
 				Expect(session.OutputToString()).To(ContainSubstring("0"))
 			}
 		}
 	})
 	It("having additional env", func() {
 		// containers.conf default env includes foo
 		session := podmanTest.Podman([]string{"run", ALPINE, "printenv"})
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@ -840,6 +840,24 @@ EOF
    current_oom_score_adj=$(cat /proc/self/oom_score_adj)
    run_podman run --rm $IMAGE cat /proc/self/oom_score_adj
    is "$output" "$current_oom_score_adj" "different oom_score_adj in the container"
    oomscore=$((current_oom_score_adj+1))
    run_podman run --oom-score-adj=$oomscore --rm $IMAGE cat /proc/self/oom_score_adj
    is "$output" "$oomscore" "one more then default oomscore"
    skip_if_remote "containersconf needs to be set on server side"
    oomscore=$((oomscore+1))
    containersconf=$PODMAN_TMPDIR/containers.conf
    cat >$containersconf <<EOF
 [containers]
 oom_score_adj=$oomscore
 EOF
    CONTAINERS_CONF=$PODMAN_TMPDIR/containers.conf run_podman run --rm $IMAGE cat /proc/self/oom_score_adj
    is "$output" "$oomscore" "two more then default oomscore"
    oomscore=$((oomscore+1))
    CONTAINERS_CONF=$PODMAN_TMPDIR/containers.conf run_podman run --oom-score-adj=$oomscore --rm $IMAGE cat /proc/self/oom_score_adj
    is "$output" "$oomscore" "--oom-score-adj should overide containers.conf"
 }
 # CVE-2022-1227 : podman top joins container mount NS and uses nsenter from image