diff options
| author | Nick Rosbrook <nick.rosbrook@canonical.com> | 2022-11-22 10:33:55 -0500 |
|---|---|---|
| committer | Nick Rosbrook <nick.rosbrook@canonical.com> | 2022-11-23 15:43:51 -0500 |
| commit | 89186093485b52ca957d17842fc1f7c87958454a (patch) | |
| tree | c651e9562ed878d03f950b580fe1cc0d9166bbed /src/oom | |
| parent | 3f9b0e1343a814704485d27def77b7f025573d83 (diff) | |
| download | systemd-89186093485b52ca957d17842fc1f7c87958454a.tar.gz | |
oomd: always allow root-owned cgroups to set ManagedOOMPreference
Commit 652a4efb66a ("oomd: loosen the restriction on ManagedOOMPreference")
made the change to allow ManagedOOMPreference on a cgroup candidate when
the monitored cgroup and cgroup candidate are owned by the same user.
The commit assumed that this check was sufficient to continue allowing
ManagedOOMPreference on all cgroups owned by root. However, it caused a
regression for unprivileged LXD containers where e.g. /sys/fs/cgroup is
owned by nobody (uid=65534).
Fix this by explicitly allowing the ManagedOOMPreference if uid == 0 in
oomd_fetch_cgroup_oom_preference().
Diffstat (limited to 'src/oom')
| -rw-r--r-- | src/oom/oomd-util.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/oom/oomd-util.c b/src/oom/oomd-util.c index 1fc81d1843..70a1dc941e 100644 --- a/src/oom/oomd-util.c +++ b/src/oom/oomd-util.c @@ -164,7 +164,7 @@ int oomd_fetch_cgroup_oom_preference(OomdCGroupContext *ctx, const char *prefix) if (r < 0) return log_debug_errno(r, "Failed to get owner/group from %s: %m", ctx->path); - if (uid == prefix_uid) { + if (uid == prefix_uid || uid == 0) { /* Ignore most errors when reading the xattr since it is usually unset and cgroup xattrs are only used * as an optional feature of systemd-oomd (and the system might not even support them). */ r = cg_get_xattr_bool(SYSTEMD_CGROUP_CONTROLLER, ctx->path, "user.oomd_avoid"); |