Skip to content

fix: fix oom_score adjustments failing if caps set #15758

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Dec 5, 2024
+101 −14
Merged

fix: fix oom_score adjustments failing if caps set #15758

Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
a137ccd
debug
sreya Nov 28, 2024
c74d070
set dumpable fixes it
sreya Dec 2, 2024
158e117
lock thread at the top
sreya Dec 2, 2024
161d3dc
drop caps
sreya Dec 4, 2024
2bd0372
drop caps
sreya Dec 4, 2024
3d43a34
remove debug
sreya Dec 4, 2024
157e445
wording
sreya Dec 4, 2024
d53777d
add test
sreya Dec 5, 2024
6cd12d7
fmt
sreya Dec 5, 2024
c08ae1f
no prompt for sudo
sreya Dec 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
drop caps
  • Loading branch information
@sreya
sreya committed Dec 4, 2024
commit 161d3dce0299d792235c93dd249c9a77fd3d7125
37 changes: 35 additions & 2 deletions agent/agentexec/cli_linux.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,11 +51,16 @@ func CLI() error {
}
}

err = unix.Prctl(unix.PR_SET_DUMPABLE, 1, 0, 0, 0)
err = dropEffectiveCaps()
if err != nil {
printfStdErr("failed to set dumpable: %v", err)
printfStdErr("failed to drop effective caps: %v", err)
}

// err = unix.Prctl(unix.PR_SET_DUMPABLE, 1, 0, 0, 0)
// if err != nil {
// printfStdErr("failed to set dumpable: %v", err)
// }

err = writeOOMScoreAdj(*oom)
if err != nil {
// We alert the user instead of failing the command since it can be difficult to debug
Expand All @@ -64,6 +69,11 @@ func CLI() error {
printfStdErr("failed to adjust oom score to %d for cmd %+v: %v", *oom, execArgs(os.Args), err)
}

err = unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0)
if err != nil {
printfStdErr("failed to unset dumpable: %v", err)
}

// Get everything after "coder agent-exec --"
args := execArgs(os.Args)
if len(args) == 0 {
Expand Down Expand Up @@ -157,3 +167,26 @@ func execArgs(args []string) []string {
func printfStdErr(format string, a ...any) {
_, _ = fmt.Fprintf(os.Stderr, "coder-agent: %s\n", fmt.Sprintf(format, a...))
}

func dropEffectiveCaps() error {
// Get the current capabilities
var header unix.CapUserHeader
var data unix.CapUserData

header.Version = unix.LINUX_CAPABILITY_VERSION_3
header.Pid = 0 // 0 means current process

// Get current caps
if err := unix.Capget(&header, &data); err != nil {
return xerrors.Errorf("capget failed: %v", err)
}

// Clear the effective set by setting it to 0
data.Effective = 0

// Set the new capabilities
if err := unix.Capset(&header, &data); err != nil {
return xerrors.Errorf("capset failed: %v", err)
}
return nil
}