CRI: add oom_score_adj isolator

appc · Sep 23, 2016 · cd12c5a · cd12c5a
1 parent 549b066
commit cd12c5a
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 1 deletion.
diff --git a/actool/manifest.go b/actool/manifest.go
@@ -279,7 +279,7 @@ func patchManifest(im *schema.ImageManifest) error {
 			_, ok := types.ResourceIsolatorNames[name]
 
 			switch name {
-			case types.LinuxNoNewPrivilegesName:
+			case types.LinuxNoNewPrivilegesName, types.LinuxOOMScoreAdjName:
 				ok = true
 				kv := strings.Split(is, ",")
 				if len(kv) != 2 {

diff --git a/schema/types/isolator_linux_specific.go b/schema/types/isolator_linux_specific.go
@@ -17,6 +17,7 @@ package types
 import (
 	"encoding/json"
 	"errors"
+	"fmt"
 	"unicode"
 )
 
@@ -26,6 +27,7 @@ const (
 	LinuxNoNewPrivilegesName       = "os/linux/no-new-privileges"
 	LinuxSeccompRemoveSetName      = "os/linux/seccomp-remove-set"
 	LinuxSeccompRetainSetName      = "os/linux/seccomp-retain-set"
+	LinuxOOMScoreAdjName           = "os/linux/oom-score-adj"
 )
 
 var LinuxIsolatorNames = make(map[ACIdentifier]struct{})
@@ -35,6 +37,7 @@ func init() {
 		LinuxCapabilitiesRevokeSetName: func() IsolatorValue { return &LinuxCapabilitiesRevokeSet{} },
 		LinuxCapabilitiesRetainSetName: func() IsolatorValue { return &LinuxCapabilitiesRetainSet{} },
 		LinuxNoNewPrivilegesName:       func() IsolatorValue { v := LinuxNoNewPrivileges(false); return &v },
+		LinuxOOMScoreAdjName:           func() IsolatorValue { v := LinuxOOMScoreAdj(0); return &v },
 		LinuxSeccompRemoveSetName:      func() IsolatorValue { return &LinuxSeccompRemoveSet{} },
 		LinuxSeccompRetainSetName:      func() IsolatorValue { return &LinuxSeccompRetainSet{} },
 	} {
@@ -321,3 +324,44 @@ func (l LinuxSeccompRemoveSet) AsIsolator() (*Isolator, error) {
 		value:    &l,
 	}, nil
 }
+
+// LinuxOOMScoreAdj is equivalent to /proc/[pid]/oom_score_adj
+type LinuxOOMScoreAdj int // -1000 to 1000
+func (l LinuxOOMScoreAdj) AssertValid() error {
+	if l < -1000 || l > 1000 {
+		return fmt.Errorf("%s must be between -1000 and 1000, got %d", LinuxOOMScoreAdjName, l)
+	}
+	return nil
+}
+
+func (l LinuxOOMScoreAdj) multipleAllowed() bool {
+	return false
+}
+
+func (l LinuxOOMScoreAdj) Conflicts() []ACIdentifier {
+	return nil
+}
+
+func (l *LinuxOOMScoreAdj) UnmarshalJSON(b []byte) error {
+	var v int
+	err := json.Unmarshal(b, &v)
+	if err != nil {
+		return err
+	}
+
+	*l = LinuxOOMScoreAdj(v)
+	return nil
+}
+
+func (l LinuxOOMScoreAdj) AsIsolator() Isolator {
+	b, err := json.Marshal(l)
+	if err != nil {
+		panic(err)
+	}
+	rm := json.RawMessage(b)
+	return Isolator{
+		Name:     LinuxOOMScoreAdjName,
+		ValueRaw: &rm,
+		value:    &l,
+	}
+}
diff --git a/schema/types/isolator_test.go b/schema/types/isolator_test.go
@@ -25,6 +25,34 @@ func TestIsolatorUnmarshal(t *testing.T) {
 		msg  string
 		werr bool
 	}{
+		{
+			`{
+				"name": "os/linux/oom-score-adj",
+				"value": 250
+			}`,
+			false,
+		},
+		{
+			`{
+				"name": "os/linux/oom-score-adj",
+				"value": -250
+			}`,
+			false,
+		},
+		{
+			`{
+				"name": "os/linux/oom-score-adj",
+				"value": -2500
+			}`,
+			true,
+		},
+		{
+			`{
+				"name": "os/linux/oom-score-adj",
+				"value": "pants"
+			}`,
+			true,
+		},
 		{
 			`{
 				"name": "os/linux/no-new-privileges",