Control: tags 990263 + pending Dear maintainer,
I've prepared an NMU for conmon (versioned as 2.0.25+ds1-1.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should cancel it. cu Adrian
diff -Nru conmon-2.0.25+ds1/debian/changelog conmon-2.0.25+ds1/debian/changelog --- conmon-2.0.25+ds1/debian/changelog 2021-01-31 05:56:56.000000000 +0200 +++ conmon-2.0.25+ds1/debian/changelog 2021-07-14 20:46:07.000000000 +0300 @@ -1,3 +1,11 @@ +conmon (2.0.25+ds1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add upstream fix to not make container runtime processes + unkillable. (Closes: #990263) + + -- Adrian Bunk <b...@debian.org> Wed, 14 Jul 2021 20:46:07 +0300 + conmon (2.0.25+ds1-1) unstable; urgency=medium * New upstream release diff -Nru conmon-2.0.25+ds1/debian/patches/0001-Reset-OOM-score-back-to-0-for-container-runtime.patch conmon-2.0.25+ds1/debian/patches/0001-Reset-OOM-score-back-to-0-for-container-runtime.patch --- conmon-2.0.25+ds1/debian/patches/0001-Reset-OOM-score-back-to-0-for-container-runtime.patch 1970-01-01 02:00:00.000000000 +0200 +++ conmon-2.0.25+ds1/debian/patches/0001-Reset-OOM-score-back-to-0-for-container-runtime.patch 2021-07-14 20:46:07.000000000 +0300 @@ -0,0 +1,76 @@ +From b033cb5dfde6de05e63408fc839f1bb641cddd85 Mon Sep 17 00:00:00 2001 +From: Mrunal Patel <mrun...@gmail.com> +Date: Thu, 27 May 2021 14:09:39 -0700 +Subject: Reset OOM score back to 0 for container runtime + +We don't want container runtime procesess to be unkillable +so we reset oom_score_adj back to 0 before execv +of the runtime process. + +Signed-off-by: Mrunal Patel <mrun...@gmail.com> +--- + src/conmon.c | 4 +++- + src/oom.c | 6 ++---- + src/oom.h | 2 +- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/conmon.c b/src/conmon.c +index c349d6c..c6bd9f5 100644 +--- a/src/conmon.c ++++ b/src/conmon.c +@@ -41,7 +41,7 @@ int main(int argc, char *argv[]) + + process_cli(); + +- attempt_oom_adjust(); ++ attempt_oom_adjust("-1000"); + + /* ignoring SIGPIPE prevents conmon from being spuriously killed */ + signal(SIGPIPE, SIG_IGN); +@@ -275,6 +275,8 @@ int main(int argc, char *argv[]) + } + } + ++ // We don't want runc to be unkillable so we reset the oom_score_adj back to 0 ++ attempt_oom_adjust("0"); + execv(g_ptr_array_index(runtime_argv, 0), (char **)runtime_argv->pdata); + exit(127); + } +diff --git a/src/oom.c b/src/oom.c +index 5791777..0041a6b 100644 +--- a/src/oom.c ++++ b/src/oom.c +@@ -5,16 +5,14 @@ + #include <string.h> + #include <unistd.h> + +-#define OOM_SCORE "-1000" +- +-void attempt_oom_adjust() ++void attempt_oom_adjust(const char *const oom_score) + { + int oom_score_fd = open("/proc/self/oom_score_adj", O_WRONLY); + if (oom_score_fd < 0) { + ndebugf("failed to open /proc/self/oom_score_adj: %s\n", strerror(errno)); + return; + } +- if (write(oom_score_fd, OOM_SCORE, strlen(OOM_SCORE)) < 0) { ++ if (write(oom_score_fd, oom_score, strlen(oom_score)) < 0) { + ndebugf("failed to write to /proc/self/oom_score_adj: %s\n", strerror(errno)); + } + close(oom_score_fd); +diff --git a/src/oom.h b/src/oom.h +index 28e4178..9408c3b 100644 +--- a/src/oom.h ++++ b/src/oom.h +@@ -1,6 +1,6 @@ + #if !defined(OOM_H) + #define OOM_H + +-void attempt_oom_adjust(); ++void attempt_oom_adjust(const char *const oom_score); + + #endif // OOM_H +-- +2.20.1 + diff -Nru conmon-2.0.25+ds1/debian/patches/series conmon-2.0.25+ds1/debian/patches/series --- conmon-2.0.25+ds1/debian/patches/series 1970-01-01 02:00:00.000000000 +0200 +++ conmon-2.0.25+ds1/debian/patches/series 2021-07-14 20:46:07.000000000 +0300 @@ -0,0 +1 @@ +0001-Reset-OOM-score-back-to-0-for-container-runtime.patch