Re: Alternate method of running swapon?
On Wed, Jan 8, 2020 at 1:26 PM Bernd Petrovitsch wrote: > > Hi all! > > On 08/01/2020 19:09, Jeffrey Walton wrote: > [...] > > I work with an open source project. We have a VM but it is low-end. > > The machine suffers OOM kills. We don't have access to /etc/fstab. > > Apparently you run too many (or too fat) programs;-) > > > Everything is an upsell with the VPS provider. > > > > I'm trying to setup a swapfile during startup using Systemd but: > > > > # swapon /swapfile > > swapon: /swapfile: swapon failed: Operation not permitted > > > > This may be useful: > [... nope ] > > > My question is, is there a way to sidestep the restriction? Is it > > possible to ask the kernel to use the swapfile without using the > > command? > > The swapon (and swapoff) command basically calls the swapon() > syscall (and swapoff() syscall, respectively) and their manual > page say the caller needs CAP_SYS_ADMIN capability which usually > means being "root". > > Does it work in a root-shell? No, it does not work in a root shell. The output is capsh is below. The man page for capsh(1) does not tell me how to interpret it. Does cap_sys_admin under "current" mean I have it? Or does lack of cap_sys_admin in "bounding" mean I lack it? Jeff # capsh --print Current: = cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_setfcap+eip Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_chroot,cap_sys_ptrace,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap Securebits: 00/0x0/1'b0 secure-noroot: no (unlocked) secure-no-suid-fixup: no (unlocked) secure-keep-caps: no (unlocked) uid=0(root) gid=0(root) groups=0(root) ___ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
Re: Alternate method of running swapon?
On Wed, Jan 08, 2020 at 03:08:42PM -0500, Jeffrey Walton wrote: > It looks like this is coming from the OpenVZ folks. They feel a > swapfile would negatively impact performance, so it is disabled. Yep, since this is not a full VM but rather a container, there is not much to do other than buying a bigger VPS. > (I'm not sure how a DoS is considered a good result, given an OOM kill > just about always knocks out MySQL). Swap in a way converts memory access into disk IO. And since a lot of disk IO can harm all services running on the host, for the operator it is safer to OOM kill one process and save all the others :) -- Valentin ___ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
Re: Alternate method of running swapon?
On Wed, Jan 8, 2020 at 1:43 PM Valentin Vidić wrote: > > On Wed, Jan 08, 2020 at 01:33:21PM -0500, Jeffrey Walton wrote: > > I believe this is the relevant part from the Pastebin: > > > > readlink("/swapfile", 0x7ffefb4c0810, 4096) = -1 EINVAL (Invalid argument) > > stat("/swapfile", {st_mode=S_IFREG|0600, st_size=2147483648, ...}) = 0 > > open("/swapfile", O_RDONLY) = 3 > > read(3, > > "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > > 65536) = 65536 > > close(3)= 0 > > swapon("/swapfile", 0) = -1 EPERM (Operation not permitted) > > Yes, the swapon call fails with this error. You can check the kernel > name with uname -a, but it probably runs a custom build and you can't > reboot with a different one to enable swap functionality. It looks like this is coming from the OpenVZ folks. They feel a swapfile would negatively impact performance, so it is disabled. (I'm not sure how a DoS is considered a good result, given an OOM kill just about always knocks out MySQL). Jeff ___ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
Re: Alternate method of running swapon?
On Wed, Jan 08, 2020 at 01:33:21PM -0500, Jeffrey Walton wrote: > I believe this is the relevant part from the Pastebin: > > readlink("/swapfile", 0x7ffefb4c0810, 4096) = -1 EINVAL (Invalid argument) > stat("/swapfile", {st_mode=S_IFREG|0600, st_size=2147483648, ...}) = 0 > open("/swapfile", O_RDONLY) = 3 > read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > 65536) = 65536 > close(3)= 0 > swapon("/swapfile", 0) = -1 EPERM (Operation not permitted) Yes, the swapon call fails with this error. You can check the kernel name with uname -a, but it probably runs a custom build and you can't reboot with a different one to enable swap functionality. -- Valentin ___ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
Re: Alternate method of running swapon?
On Wed, Jan 8, 2020 at 1:23 PM Valentin Vidić wrote: > > On Wed, Jan 08, 2020 at 01:09:23PM -0500, Jeffrey Walton wrote: > > Hi Everyone, > > > > I work with an open source project. We have a VM but it is low-end. > > The machine suffers OOM kills. We don't have access to /etc/fstab. > > Everything is an upsell with the VPS provider. > > > > I'm trying to setup a swapfile during startup using Systemd but: > > > > # swapon /swapfile > > swapon: /swapfile: swapon failed: Operation not permitted > > > > This may be useful: > > > > # command -v swapon > > /sbin/swapon > > # file /sbin/swapo > > swapoff swapon > > # file /sbin/swapon > > /sbin/swapon: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), > > dynamically linked (uses shared libs), for GNU/Linux 2.6.32, > > BuildID[sha1]=a4891bc4dcfc533c61d76aa3e69870ab35d90c89, stripped > > > > My question is, is there a way to sidestep the restriction? Is it > > possible to ask the kernel to use the swapfile without using the > > command? > > You can try running for more details: > > # strace swapon /swapfile > > but the swap functionality is probably disabled in the kernel itself. Thanks Valentin. Here is the full Pastebin: https://pastebin.com/hHAv5T0N . I believe this is the relevant part from the Pastebin: readlink("/swapfile", 0x7ffefb4c0810, 4096) = -1 EINVAL (Invalid argument) stat("/swapfile", {st_mode=S_IFREG|0600, st_size=2147483648, ...}) = 0 open("/swapfile", O_RDONLY) = 3 read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 65536) = 65536 close(3)= 0 swapon("/swapfile", 0) = -1 EPERM (Operation not permitted) open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=2502, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbd8207000 read(3, "# Locale name alias data base.\n#"..., 4096) = 2502 read(3, "", 4096) = 0 close(3)= 0 munmap(0x7fdbd8207000, 4096)= 0 open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory) ... Jeff ___ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
Re: Alternate method of running swapon?
On Wed, Jan 08, 2020 at 01:09:23PM -0500, Jeffrey Walton wrote: > Hi Everyone, > > I work with an open source project. We have a VM but it is low-end. > The machine suffers OOM kills. We don't have access to /etc/fstab. > Everything is an upsell with the VPS provider. > > I'm trying to setup a swapfile during startup using Systemd but: > > # swapon /swapfile > swapon: /swapfile: swapon failed: Operation not permitted > > This may be useful: > > # command -v swapon > /sbin/swapon > # file /sbin/swapo > swapoff swapon > # file /sbin/swapon > /sbin/swapon: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), > dynamically linked (uses shared libs), for GNU/Linux 2.6.32, > BuildID[sha1]=a4891bc4dcfc533c61d76aa3e69870ab35d90c89, stripped > > My question is, is there a way to sidestep the restriction? Is it > possible to ask the kernel to use the swapfile without using the > command? Odds are the VPS provider is blocking it in the kernel they provide to you. You can always just try to write your own program that does the same syscalls that 'swapon' does, but I doubt that works. Perhaps spring for a bigger vm? greg k-h ___ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
Re: Alternate method of running swapon?
Hi all! On 08/01/2020 19:09, Jeffrey Walton wrote: [...] > I work with an open source project. We have a VM but it is low-end. > The machine suffers OOM kills. We don't have access to /etc/fstab. Apparently you run too many (or too fat) programs;-) > Everything is an upsell with the VPS provider. > > I'm trying to setup a swapfile during startup using Systemd but: > > # swapon /swapfile > swapon: /swapfile: swapon failed: Operation not permitted > > This may be useful: [... nope ] > My question is, is there a way to sidestep the restriction? Is it > possible to ask the kernel to use the swapfile without using the > command? The swapon (and swapoff) command basically calls the swapon() syscall (and swapoff() syscall, respectively) and their manual page say the caller needs CAP_SYS_ADMIN capability which usually means being "root". Does it work in a root-shell? The man page says further under errors: snip EPERM: The caller does not have the CAP_SYS_ADMIN capability. Alternatively, the maximum number of swap files are already in use; see NOTES below. snip The notes below just talk about the maximum numbers of swapfile depending on the kernel version and activates features. If the kernel is built/provided by the VPS provider, there may be further limitations MfG, Bernd PS: I'm not guessing why -- "I dislike type abstraction if it has no real reason. And saving on typing is not a good reason - if your typing speed is the main issue when you're coding, you're doing something seriously wrong." - Linus Torvalds pEpkey.asc Description: application/pgp-keys ___ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
Re: Alternate method of running swapon?
On Wed, Jan 08, 2020 at 01:09:23PM -0500, Jeffrey Walton wrote: > Hi Everyone, > > I work with an open source project. We have a VM but it is low-end. > The machine suffers OOM kills. We don't have access to /etc/fstab. > Everything is an upsell with the VPS provider. > > I'm trying to setup a swapfile during startup using Systemd but: > > # swapon /swapfile > swapon: /swapfile: swapon failed: Operation not permitted > > This may be useful: > > # command -v swapon > /sbin/swapon > # file /sbin/swapo > swapoff swapon > # file /sbin/swapon > /sbin/swapon: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), > dynamically linked (uses shared libs), for GNU/Linux 2.6.32, > BuildID[sha1]=a4891bc4dcfc533c61d76aa3e69870ab35d90c89, stripped > > My question is, is there a way to sidestep the restriction? Is it > possible to ask the kernel to use the swapfile without using the > command? You can try running for more details: # strace swapon /swapfile but the swap functionality is probably disabled in the kernel itself. -- Valentin ___ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies