[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#487325: openssh-server: /etc/default/ssh setting for oom_adj confused

tags 487325 pending
thanks

On Fri, Jun 20, 2008 at 07:27:30PM -0400, Micah Anderson wrote:
> I discovered recently during a testing migration that in a vserver
> environment you do not have the capability to adjust /proc values.
> 
> This means that the oom_adj results in a lot of noise in the logfiles:
> 
> sshd[9363]: error writing /proc/self/oom_adj: Operation not permitted

I wonder if there's any way to detect this? Maybe I should just not
print EPERM errors? If possible, I'd rather have a default that works
for nearly everyone.

> Ok, so I thought I would disable it by tweaking the following in
> /etc/default/ssh:
> 
> # OOM-killer adjustment for sshd (see
> # linux/Documentation/filesystems/proc.txt; lower values reduce
> # likelihood
> # of being killed, -17 = disable)
> SSHD_OOM_ADJUST=-17
> 
> Hmmm... its already set to -17 and -17 is 'disable'? Why isn't it
> disabled then if its already set here to be disabled?

I think perhaps the wording here is simply misleading. What "disable"
means here is "disable the OOM-killer", that is "tell the kernel never
to kill this process".

I've changed the text as follows:

  # OOM-killer adjustment for sshd (see
  # linux/Documentation/filesystems/proc.txt; lower values reduce likelihood
  # of being killed, while -17 means the OOM-killer will ignore sshd; set to
  # the empty string to skip adjustment)

> The source made me think that setting it to 0 should disable it:
> 
> +  const char *oom_adj = getenv("SSHD_OOM_ADJUST");
> +  if (!oom_adj)
> +     return;
> 
> I've tried setting this to 0, -17, no setting, and commenting it out
> of the file altogether, but it still is being attempted....
> 
> After trial-and-error it seems like it shouldn't be set to anything at
> all if it is supposed to be disabled. So, the environment variable
> SSHD_OOM_ADJUST needs to be non-existant to actually disable it. I
> don't understand why, unless there is some environment scrubbing going
> on?

My intent was that the empty string would prevent fiddling with the
OOM-killer, but that didn't work due to an implementation bug (the above
should have been 'if (!oom_adj || !*oom_adj) return;'). I've fixed this
in CVS.

> It doesn't help that in /etc/init.d/ssh, we find this:
> 
> export SSHD_OOM_ADJUST=-17
> 
> right before the sourcing of the /etc/default/ssh file. 
> 
> So the only way to really disable this is to comment out both
> the line in /etc/init.d/ssh where the environment variable is
> set to -17 and the line in /etc/default/ssh where it is also set.

No, even at present, 'unset SSHD_OOM_ADJUST' in /etc/default/ssh would
do it without having to edit the init script.

> I'm guessing that you were going for it a disable value of 0+ do it,
> but it seems that is completely ignored, for whatever reason that is
> beyond me.

I wasn't - 0+ still adjusts the OOM-killer, just in a different
direction. (The range of valid values offered by the kernel is -17 to
+15. Not my idea!)

Thanks for your report,

-- 
Colin Watson                                       [cjwatson@debian.org]
Reply to: