ryantimwilson / rpms / systemd

Forked from rpms/systemd a month ago
From 6135d6239a40edb260dde80e5662d3e062dde0bd Mon Sep 17 00:00:00 2001
From: Nick Rosbrook <nick.rosbrook@canonical.com>
Date: Tue, 22 Nov 2022 10:33:55 -0500
Subject: [PATCH] oomd: always allow root-owned cgroups to set
 ManagedOOMPreference

Commit 652a4efb66a ("oomd: loosen the restriction on ManagedOOMPreference")
made the change to allow ManagedOOMPreference on a cgroup candidate when
the monitored cgroup and cgroup candidate are owned by the same user.

The commit assumed that this check was sufficient to continue allowing
ManagedOOMPreference on all cgroups owned by root. However, it caused a
regression for unprivileged LXD containers where e.g. /sys/fs/cgroup is
owned by nobody (uid=65534).

Fix this by explicitly allowing the ManagedOOMPreference if uid == 0 in
oomd_fetch_cgroup_oom_preference().

(cherry picked from commit 89186093485b52ca957d17842fc1f7c87958454a)

Related: #2138081
---
 src/oom/oomd-util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/oom/oomd-util.c b/src/oom/oomd-util.c
index 1fc81d1843..70a1dc941e 100644
--- a/src/oom/oomd-util.c
+++ b/src/oom/oomd-util.c
@@ -164,7 +164,7 @@ int oomd_fetch_cgroup_oom_preference(OomdCGroupContext *ctx, const char *prefix)
         if (r < 0)
                 return log_debug_errno(r, "Failed to get owner/group from %s: %m", ctx->path);
 
-        if (uid == prefix_uid) {
+        if (uid == prefix_uid || uid == 0) {
                 /* Ignore most errors when reading the xattr since it is usually unset and cgroup xattrs are only used
                  * as an optional feature of systemd-oomd (and the system might not even support them). */
                 r = cg_get_xattr_bool(SYSTEMD_CGROUP_CONTROLLER, ctx->path, "user.oomd_avoid");
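Review bot: the new `uid == 0` arm in `if (uid == prefix_uid || uid == 0)` needs a comment at the condition itself; the only comment in the hunk explains the `cg_get_xattr_bool()` read, not why a root-owned candidate cgroup bypasses the owner-match against `prefix_uid`, and the rationale in the commit message (unprivileged LXD containers where the monitored prefix is owned by nobody, uid 65534) is not visible to someone reading the code alone. A one-liner above the condition such as `/* Root-owned cgroups may always set ManagedOOMPreference, regardless of who owns the monitored prefix. */` would make the intent of the subject line, "always allow root-owned cgroups", explicit where it is enforced; `uid` here is the owner of `ctx->path` from the call whose failure is logged as "Failed to get owner/group from %s", so the check is on the candidate's owner, which matches that intent.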