Bug#487325: openssh-server: /etc/default/ssh setting for oom_adj confused
Package: openssh-server
Version: 1:4.7p1-12
Severity: normal
Hi there!
I discovered recently during a testing migration that in a vserver
environment you do not have the capability to adjust /proc values.
This means that the oom_adj results in a lot of noise in the logfiles:
sshd[9363]: error writing /proc/self/oom_adj: Operation not permitted
Ok, so I thought I would disable it by tweaking the following in
/etc/default/ssh:
# OOM-killer adjustment for sshd (see
# linux/Documentation/filesystems/proc.txt; lower values reduce
# likelihood
# of being killed, -17 = disable)
SSHD_OOM_ADJUST=-17
Hmmm... its already set to -17 and -17 is 'disable'? Why isn't it
disabled then if its already set here to be disabled? The source
made me think that setting it to 0 should disable it:
+ const char *oom_adj = getenv("SSHD_OOM_ADJUST");
+ if (!oom_adj)
+ return;
I've tried setting this to 0, -17, no setting, and commenting it out
of the file altogether, but it still is being attempted....
After trial-and-error it seems like it shouldn't be set to anything at
all if it is supposed to be disabled. So, the environment variable
SSHD_OOM_ADJUST needs to be non-existant to actually disable it. I
don't understand why, unless there is some environment scrubbing going
on?
It doesn't help that in /etc/init.d/ssh, we find this:
export SSHD_OOM_ADJUST=-17
right before the sourcing of the /etc/default/ssh file.
So the only way to really disable this is to comment out both
the line in /etc/init.d/ssh where the environment variable is
set to -17 and the line in /etc/default/ssh where it is also set.
I'm guessing that you were going for it a disable value of 0+ do it,
but it seems that is completely ignored, for whatever reason that is
beyond me.
In any case, having to edit the initscript to disable this is not the
right way.
I appreciate your continued maintainence of this package!
Micah
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-server depends on:
ii adduser 3.108 add and remove users and groups
ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii dpkg 1.14.19 package maintenance system for Deb
ii libc6 2.7-12 GNU C Library: Shared libraries
ii libcomerr2 1.40.11-1 common error description library
ii libkrb53 1.6.dfsg.4~beta1-2 MIT Kerberos runtime libraries
ii libpam-modules 0.99.7.1-6 Pluggable Authentication Modules f
ii libpam-runtime 0.99.7.1-6 Runtime support for the PAM librar
ii libpam0g 0.99.7.1-6 Pluggable Authentication Modules l
ii libselinux1 2.0.59-1 SELinux shared libraries
ii libssl0.9.8 0.9.8g-10.1 SSL shared libraries
ii libwrap0 7.6.q-15 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-12 Linux Standard Base 3.2 init scrip
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS
ii openssh-client 1:4.7p1-12 secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages openssh-server recommends:
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.3-2 X authentication utility
-- debconf information excluded
Reply to: