Bug 1375877

Summary: Negative oomScoreAdj values fail when userns-remap is enabled in the daemon
Product: OKD
Reporter: Paul Weil <pweil>
Component: Containers
Assignee: Jhon Honce <jhonce>
Status: CLOSED WONTFIX
QA Contact: DeShuai Ma <dma>
Severity: low
Priority: low
Version: 3.x
CC: aos-bugs, haowang, jhonce, jpazdziora, mmccomas
Last Closed: 2017-11-27 16:33:39 UTC
Type: Bug

Description Paul Weil 2016-09-14 07:13:32 UTC
Description of problem:

In docker 1.10 using a negative oomScoreAdj value results in 'write /proc/self/oom_score_adj: permission denied'.  This appears to work in later versions so this bug is only if we need to address the issue in 1.10.


Version-Release number of selected component (if applicable):

[vagrant@localhost ~]$ docker version
Client:
 Version:         1.10.3
 API version:     1.22
 Package version: docker-1.10.3-24.gitf476348.fc23.x86_64
 Go version:      go1.5.4
 Git commit:      f476348/1.10.3
 Built:           
 OS/Arch:         linux/amd64

Server:
 Version:         1.10.3
 API version:     1.22
 Package version: docker-1.10.3-24.gitf476348.fc23.x86_64
 Go version:      go1.5.4
 Git commit:      f476348/1.10.3
 Built:           
 OS/Arch:         linux/amd64



How reproducible:

Always.  

Steps to Reproduce:
1.  edit /etc/sysconfig/docker and add --userns-remap=default
2.  systemctl restart docker
3.  docker run --oom-score-adj=-999 gcr.io/google_containers/pause-amd64:3.0

Actual results:

write /proc/self/oom_score_adj: permission denied
docker: Error response from daemon: Cannot start container 25e841dac5e5e65e509042a679bde32e10d48a0aa8c04e77abdd1908e180ac7a: [9] System error: could not synchronise with container process.



Expected results:

container starts


Additional info:  tested and working in 1.12 and works in 1.10 when userns-remap is not enabled.
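
An added diagnostic, not part of the original report or of Docker's code: the Linux kernel lets a process lower its oom_score_adj only if it holds CAP_SYS_RESOURCE as judged from the initial user namespace, which is consistent with the write failing once userns-remap is enabled. The function names and verdict strings below are hypothetical, and the /proc paths are overridable so the logic can be run on saved copies.

```shell
#!/bin/sh
# Added example (not from the bug report): explains whether a process may
# lower its own oom_score_adj, the write that fails in the report above.

# True only in the initial user namespace, whose uid_map is the identity
# mapping "0 0 4294967295". A userns-remap container shows a shifted map.
in_initial_userns() {
    awk 'NR == 1 && $1 == 0 && $2 == 0 && $3 == 4294967295 { ok = 1 }
         END { exit !ok }' "${1:-/proc/self/uid_map}"
}

# True when CAP_SYS_RESOURCE (capability number 24) is in the effective set.
has_cap_sys_resource() {
    capeff=$(awk '/^CapEff:/ { print $2 }' "${1:-/proc/self/status}")
    [ -n "$capeff" ] && [ $(( (0x$capeff >> 24) & 1 )) -eq 1 ]
}

# oom_adj_verdict TARGET CURRENT [UID_MAP_FILE] [STATUS_FILE]
# Prints: allowed | needs-initial-userns | needs-cap-sys-resource
# Conservative: a process that raised its own score earlier may still be
# able to lower it back to the old value without privilege.
oom_adj_verdict() {
    target=$1
    current=$2
    uidmap=${3:-/proc/self/uid_map}
    statfile=${4:-/proc/self/status}
    if [ "$target" -ge "$current" ]; then
        echo allowed                  # raising or keeping the score needs no privilege
    elif ! in_initial_userns "$uidmap"; then
        echo needs-initial-userns     # caps held only inside a user namespace do not count
    elif has_cap_sys_resource "$statfile"; then
        echo allowed
    else
        echo needs-cap-sys-resource
    fi
}

# Live probe: attempt the write in a throwaway subshell so the caller's own
# score is untouched. Returns non-zero on "permission denied".
try_oom_score_adj() {
    ( echo "$1" > /proc/self/oom_score_adj ) 2>/dev/null
}
```

Running `oom_adj_verdict -999 "$(cat /proc/self/oom_score_adj)"` inside a container and on the host shows which of the two conditions is missing.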

Comment 1 Jan Pazdziora 2017-11-21 12:59:21 UTC
Given we are not likely to support 1.10, should this be closed as WONTFIX?