mirror of
https://github.com/systemd/systemd
synced 2024-07-22 02:34:54 +00:00
7161af9612
For some reason root in GH actions is able to _decrease_ its oom score even after dropping all capabilities (including CAP_SYS_RESOURCE), until the oom score is changed explicitly after sudo: $ systemd-detect-virt microsoft $ sudo su - ~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101' Current: = Bounding set = Ambient set = Current IAB: !cap_chown,!cap_dac_override,!cap_dac_read_search,...,!cap_sys_resource,...,!cap_checkpoint_restore Securebits: 00/0x0/1'b0 secure-noroot: no (unlocked) secure-no-suid-fixup: no (unlocked) secure-keep-caps: no (unlocked) secure-no-ambient-raise: no (unlocked) uid=0(root) euid=0(root) gid=0(root) groups=0(root) Guessed mode: UNCERTAIN (0) /proc/self/oom_adj:8 /proc/self/oom_score:1000 /proc/self/oom_score_adj:500 pid 22180's OOM score adjust value changed from 500 to -101 ~# choom -p $$ -n 500 pid 22027's OOM score adjust value changed from 500 to 500 ~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101' Current: = Bounding set = Ambient set = ... uid=0(root) euid=0(root) gid=0(root) groups=0(root) Guessed mode: UNCERTAIN (0) /proc/self/oom_adj:8 /proc/self/oom_score:1000 /proc/self/oom_score_adj:500 choom: failed to set score adjust value: Permission denied I have no idea what's going on, but it breaks exec-oomscoreadjust-negative.service from test-execute when running unprivileged. |
||
|---|---|---|
| .. | ||
| codeql-queries | ||
| ISSUE_TEMPLATE | ||
| workflows | ||
| advanced-issue-labeler.yml | ||
| codeql-config.yml | ||
| codeql-custom.qls | ||
| dependabot.yml | ||
| development-freeze.yml | ||
| FUNDING.yml | ||
| labeler.yml | ||