Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ci: explicitly change oom-{score}-adj before running tests
For some reason a user in GH actions is able to _decrease_ its oom score even after dropping all capabilities (including CAP_SYS_RESOURCE), until the oom score is changed explicitly after sudo: $ systemd-detect-virt microsoft $ sudo su - ~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101' Current: = Bounding set = Ambient set = Current IAB: !cap_chown,!cap_dac_override,!cap_dac_read_search,...,!cap_sys_resource,...,!cap_checkpoint_restore Securebits: 00/0x0/1'b0 secure-noroot: no (unlocked) secure-no-suid-fixup: no (unlocked) secure-keep-caps: no (unlocked) secure-no-ambient-raise: no (unlocked) uid=0(root) euid=0(root) gid=0(root) groups=0(root) Guessed mode: UNCERTAIN (0) /proc/self/oom_adj:8 /proc/self/oom_score:1000 /proc/self/oom_score_adj:500 pid 22180's OOM score adjust value changed from 500 to -101 ~# choom -p $$ -n 500 pid 22027's OOM score adjust value changed from 500 to 500 ~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101' Current: = Bounding set = Ambient set = ... uid=0(root) euid=0(root) gid=0(root) groups=0(root) Guessed mode: UNCERTAIN (0) /proc/self/oom_adj:8 /proc/self/oom_score:1000 /proc/self/oom_score_adj:500 choom: failed to set score adjust value: Permission denied I have no idea what's going on, but it breaks exec-oomscoreadjust-negative.service from test-execute when running unprivileged.
- Loading branch information
