Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Any negative value in OOMScoreAdjust kills the command in ExecStart (and
others..). There are services with OOMScoreAdjust=-1000 by default
like PostgreSQL.
container> rpm -q systemd-container
systemd-container-208.20-4.el7.x86_64
host> rpm -q docker
docker-1.5.0-29.el7.x86_64
host> getenforce
Permissive
Steps to reproduce:
[root@e26a93fe3d94 ~]# cat /usr/lib/systemd/system/oom-fail.service
[Unit]
Description=test oom fail
After=network.target
[Service]
Type=oneshot
OOMScoreAdjust=-1
ExecStart=/usr/bin/true
[root@e26a93fe3d94 ~]# systemctl start oom-fail
Job for oom-fail.service failed. See 'systemctl status oom-fail.service' and 'journalctl -xn' for details.
[root@e26a93fe3d94 ~]# systemctl status oom-fail
oom-fail.service - test oom fail
Loaded: loaded (/usr/lib/systemd/system/oom-fail.service; static)
Drop-In: /run/systemd/system/oom-fail.service.d
└─00-docker.conf
Active: failed (Result: exit-code) since Wed 2015-04-08 10:37:12 EDT; 1s ago
Process: 301 ExecStart=/usr/bin/true (code=exited, status=206/OOM_ADJUST)
Main PID: 301 (code=exited, status=206/OOM_ADJUST)
Apr 08 10:37:12 e26a93fe3d94 systemd[1]: oom-fail.service: main process exited, code=exited, status=206/OOM_ADJUST
Apr 08 10:37:12 e26a93fe3d94 systemd[1]: Failed to start test oom fail.
Apr 08 10:37:12 e26a93fe3d94 systemd[1]: Unit oom-fail.service entered failed state.
[root@e26a93fe3d94 ~]# journalctl -xn
.......
Apr 08 10:39:32 e26a93fe3d94 systemd[1]: Starting test oom fail...
-- Subject: Unit oom-fail.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit oom-fail.service has begun starting up.
Apr 08 10:39:32 e26a93fe3d94 systemd[307]: Failed at step OOM_ADJUST spawning /usr/bin/true: Permission denied
-- Subject: Process /usr/bin/true could not be executed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- The process /usr/bin/true could not be executed and failed.
--
-- The error number returned while executing this process is 13.
Apr 08 10:39:32 e26a93fe3d94 systemd[1]: oom-fail.service: main process exited, code=exited, status=206/OOM_ADJUST
Apr 08 10:39:32 e26a93fe3d94 systemd[1]: Failed to start test oom fail.
-- Subject: Unit oom-fail.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit oom-fail.service has failed.
--
-- The result is failed.
Apr 08 10:39:32 e26a93fe3d94 systemd[1]: Unit oom-fail.service entered failed state.
Playing with "/proc/PID/oom_score_adj":
# echo -1 > /proc/1/oom_score_adj
bash: echo: write error: Permission denied
.. it seems like I'm always able to adjust the score with positive values,
with --privileged container I'm also able to set negative score.
(In reply to Lukáš Nykrýn from comment #2)
> We should ignore OOM score in the container.
Should not systemd make the setting of oom_score_adj value non-fatal (with
warning possibly) for non-privileged containers? Seems like negative value is
denied intentionally..
> Should not systemd make the setting of oom_score_adj value non-fatal (with
> warning possibly) for non-privileged containers? Seems like negative value
> is
> denied intentionally..
Well we should do the same what we are doing for similar variables :)
Any negative value in OOMScoreAdjust kills the command in ExecStart (and others..). There are services with OOMScoreAdjust=-1000 by default like PostgreSQL. container> rpm -q systemd-container systemd-container-208.20-4.el7.x86_64 host> rpm -q docker docker-1.5.0-29.el7.x86_64 host> getenforce Permissive Steps to reproduce: [root@e26a93fe3d94 ~]# cat /usr/lib/systemd/system/oom-fail.service [Unit] Description=test oom fail After=network.target [Service] Type=oneshot OOMScoreAdjust=-1 ExecStart=/usr/bin/true [root@e26a93fe3d94 ~]# systemctl start oom-fail Job for oom-fail.service failed. See 'systemctl status oom-fail.service' and 'journalctl -xn' for details. [root@e26a93fe3d94 ~]# systemctl status oom-fail oom-fail.service - test oom fail Loaded: loaded (/usr/lib/systemd/system/oom-fail.service; static) Drop-In: /run/systemd/system/oom-fail.service.d └─00-docker.conf Active: failed (Result: exit-code) since Wed 2015-04-08 10:37:12 EDT; 1s ago Process: 301 ExecStart=/usr/bin/true (code=exited, status=206/OOM_ADJUST) Main PID: 301 (code=exited, status=206/OOM_ADJUST) Apr 08 10:37:12 e26a93fe3d94 systemd[1]: oom-fail.service: main process exited, code=exited, status=206/OOM_ADJUST Apr 08 10:37:12 e26a93fe3d94 systemd[1]: Failed to start test oom fail. Apr 08 10:37:12 e26a93fe3d94 systemd[1]: Unit oom-fail.service entered failed state. [root@e26a93fe3d94 ~]# journalctl -xn ....... Apr 08 10:39:32 e26a93fe3d94 systemd[1]: Starting test oom fail... -- Subject: Unit oom-fail.service has begun with start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit oom-fail.service has begun starting up. Apr 08 10:39:32 e26a93fe3d94 systemd[307]: Failed at step OOM_ADJUST spawning /usr/bin/true: Permission denied -- Subject: Process /usr/bin/true could not be executed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- The process /usr/bin/true could not be executed and failed. -- -- The error number returned while executing this process is 13. Apr 08 10:39:32 e26a93fe3d94 systemd[1]: oom-fail.service: main process exited, code=exited, status=206/OOM_ADJUST Apr 08 10:39:32 e26a93fe3d94 systemd[1]: Failed to start test oom fail. -- Subject: Unit oom-fail.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit oom-fail.service has failed. -- -- The result is failed. Apr 08 10:39:32 e26a93fe3d94 systemd[1]: Unit oom-fail.service entered failed state.