RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1209972 - Negative OOMScoreAdjust kills any process in container
Summary: Negative OOMScoreAdjust kills any process in container
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: systemd-container
Version: 7.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Lukáš Nykrýn
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 1302191
TreeView+ depends on / blocked
 
Reported: 2015-04-08 14:54 UTC by Pavel Raiskup
Modified: 2016-10-18 11:38 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-10-18 11:38:40 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Pavel Raiskup 2015-04-08 14:54:29 UTC 
Any negative value in OOMScoreAdjust kills the command in ExecStart (and
others..).  There are services with OOMScoreAdjust=-1000 by default
like PostgreSQL.

  container> rpm -q systemd-container 
  systemd-container-208.20-4.el7.x86_64

  host> rpm -q docker
  docker-1.5.0-29.el7.x86_64
  host> getenforce
  Permissive

Steps to reproduce:

[root@e26a93fe3d94 ~]# cat /usr/lib/systemd/system/oom-fail.service 
[Unit]
Description=test oom fail
After=network.target

[Service]
Type=oneshot
OOMScoreAdjust=-1
ExecStart=/usr/bin/true
[root@e26a93fe3d94 ~]# systemctl start oom-fail
Job for oom-fail.service failed. See 'systemctl status oom-fail.service' and 'journalctl -xn' for details.
[root@e26a93fe3d94 ~]# systemctl status oom-fail
oom-fail.service - test oom fail
   Loaded: loaded (/usr/lib/systemd/system/oom-fail.service; static)
  Drop-In: /run/systemd/system/oom-fail.service.d
           └─00-docker.conf
   Active: failed (Result: exit-code) since Wed 2015-04-08 10:37:12 EDT; 1s ago
  Process: 301 ExecStart=/usr/bin/true (code=exited, status=206/OOM_ADJUST)
 Main PID: 301 (code=exited, status=206/OOM_ADJUST)

Apr 08 10:37:12 e26a93fe3d94 systemd[1]: oom-fail.service: main process exited, code=exited, status=206/OOM_ADJUST
Apr 08 10:37:12 e26a93fe3d94 systemd[1]: Failed to start test oom fail.
Apr 08 10:37:12 e26a93fe3d94 systemd[1]: Unit oom-fail.service entered failed state.
[root@e26a93fe3d94 ~]# journalctl -xn
.......
Apr 08 10:39:32 e26a93fe3d94 systemd[1]: Starting test oom fail...
-- Subject: Unit oom-fail.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit oom-fail.service has begun starting up.
Apr 08 10:39:32 e26a93fe3d94 systemd[307]: Failed at step OOM_ADJUST spawning /usr/bin/true: Permission denied
-- Subject: Process /usr/bin/true could not be executed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- The process /usr/bin/true could not be executed and failed.
-- 
-- The error number returned while executing this process is 13.
Apr 08 10:39:32 e26a93fe3d94 systemd[1]: oom-fail.service: main process exited, code=exited, status=206/OOM_ADJUST
Apr 08 10:39:32 e26a93fe3d94 systemd[1]: Failed to start test oom fail.
-- Subject: Unit oom-fail.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit oom-fail.service has failed.
-- 
-- The result is failed.
Apr 08 10:39:32 e26a93fe3d94 systemd[1]: Unit oom-fail.service entered failed state.
Comment 2 Lukáš Nykrýn 2015-04-08 16:25:55 UTC 
We should ignore OOM score in the container.
Comment 3 Pavel Raiskup 2015-04-09 07:40:07 UTC 
Playing with "/proc/PID/oom_score_adj":

  # echo -1 > /proc/1/oom_score_adj
  bash: echo: write error: Permission denied

.. it seems like I'm always able to adjust the score with positive values,
with --privileged container I'm also able to set negative score.

(In reply to Lukáš Nykrýn from comment #2)
> We should ignore OOM score in the container.

Should not systemd make the setting of oom_score_adj value non-fatal (with
warning possibly) for non-privileged containers?  Seems like negative value is
denied intentionally..
Comment 4 Lukáš Nykrýn 2015-04-09 07:50:15 UTC 
> Should not systemd make the setting of oom_score_adj value non-fatal (with
> warning possibly) for non-privileged containers?  Seems like negative value
> is
> denied intentionally..

Well we should do the same what we are doing for similar variables :)
Comment 5 Jan Synacek 2016-10-18 11:38:40 UTC 
There is no systemd-container in RHEL-7 anymore.
Note You need to log in before you can comment on or make changes to this bug.