config: Shift oomScoreAdj from linux.resources to process

wking · wking · commit 99a1b8d363f7 · 2017-05-09T09:40:06.000-07:00
The only discussion related to this is in [1,2], where the relationship between oomScoreAdj and disableOOMKiller is raised. But since 429f936 (Adding cgroups path to the Spec, 2015-09-02, #137) resources has been tied to cgroups, and oomScoreAdj is not about cgroups. For example, we currently have (in config-linux.md): You can configure a container's cgroups via the resources field of the Linux configuration. I suggested we move the property from linux.resources.oomScoreAdj to linux.oomScoreAdj so config authors and runtimes don't have to worry about what cgroupsPath means if the only entry in resources is oomScoreAdj. Michael responded with [4]: If anything it should probably go on the process So that's what this commit does. [1]: #236 [2]: #292 [3]: #137 [4]: #782 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
diff --git a/config-linux.md b/config-linux.md
@@ -263,21 +263,6 @@ For more information, see [the memory cgroup man page][cgroup-v1-memory].
     "disableOOMKiller": false
 ```
 
-#### <a name="configLinuxSetOomScoreAdj" />Set oom_score_adj
-
-`oomScoreAdj` sets heuristic regarding how the process is evaluated by the kernel during memory pressure.
-For more information, see [the proc filesystem documentation section 3.1][procfs].
-This is a kernel/system level setting, where as `disableOOMKiller` is scoped for a memory cgroup.
-For more information on how these two settings work together, see [the memory cgroup documentation section 10. OOM Contol][cgroup-v1-memory].
-
-* **`oomScoreAdj`** *(int, OPTIONAL)* - adjust the oom-killer score
-
-###### Example
-
-```json
-    "oomScoreAdj": 100
-```
-
 #### <a name="configLinuxMemory" />Memory
 
 **`memory`** (object, OPTIONAL) represents the cgroup subsystem `memory` and it's used to set limits on the container's memory usage.
diff --git a/config.md b/config.md
@@ -155,6 +155,10 @@ For Linux-based systems the process structure supports the following process spe
 
 * **`apparmorProfile`** (string, OPTIONAL) specifies the name of the AppArmor profile to be applied to processes in the container.
   For more information about AppArmor, see [AppArmor documentation][apparmor].
+* **`oomScoreAdj`** (int, OPTIONAL) specifies an adjustment for evaluating the process under memory pressure.
+  For more information, see [the proc filesystem documentation section 3.1][procfs_2].
+  This is a per-process setting, where as [`disableOOMKiller`](config-linux.md#disable-out-of-memory-killer) is scoped for a memory cgroup.
+  For more information on how these two settings work together, see [the memory cgroup documentation section 10. OOM Contol][cgroup-v1-memory_2].
 * **`selinuxLabel`** (string, OPTIONAL) specifies the SELinux label to be applied to the processes in the container.
   For more information about SELinux, see  [SELinux documentation][selinux].
 
@@ -503,6 +507,7 @@ Here is a full example `config.json` for reference.
             }
         ],
         "apparmorProfile": "acme_secure_profile",
+        "oomScoreAdj": 100,
         "selinuxLabel": "system_u:system_r:svirt_lxc_net_t:s0:c124,c675",
         "noNewPrivileges": true
     },
@@ -682,7 +687,6 @@ Here is a full example `config.json` for reference.
                     "limit": 9223372036854772000
                 }
             ],
-            "oomScoreAdj": 100,
             "memory": {
                 "limit": 536870912,
                 "reservation": 536870912,
@@ -818,8 +822,10 @@ Here is a full example `config.json` for reference.
 
 
 [apparmor]: https://wiki.ubuntu.com/AppArmor
+[cgroup-v1-memory_2]: https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt
 [selinux]:http://selinuxproject.org/page/Main_Page
 [no-new-privs]: https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt
+[procfs_2]: https://www.kernel.org/doc/Documentation/filesystems/proc.txt
 [semver-v2.0.0]: http://semver.org/spec/v2.0.0.html
 [go-environment]: https://golang.org/doc/install/source#environment
 [ieee-1003.1-2001-xbd-c8.1]: http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html#tag_08_01
diff --git a/schema/config-linux.json b/schema/config-linux.json
@@ -47,10 +47,6 @@
                             "$ref": "defs-linux.json#/definitions/DeviceCgroup"
                         }
                     },
-                    "oomScoreAdj": {
-                        "id": "https://opencontainers.org/schema/bundle/linux/resources/oomScoreAdj",
-                        "type": "integer",
-                    },
                     "pids": {
                         "id": "https://opencontainers.org/schema/bundle/linux/resources/pids",
                         "type": "object",
diff --git a/schema/config-schema.json b/schema/config-schema.json
@@ -178,6 +178,10 @@
                     "id": "https://opencontainers.org/schema/bundle/process/linux/apparmorProfile",
                     "type": "string"
                 },
+                "oomScoreAdj": {
+                    "id": "https://opencontainers.org/schema/bundle/process/linux/oomScoreAdj",
+                    "type": "integer",
+                },
                 "selinuxLabel": {
                     "id": "https://opencontainers.org/schema/bundle/process/linux/selinuxLabel",
                     "type": "string"
diff --git a/specs-go/config.go b/specs-go/config.go
@@ -52,6 +52,8 @@ type Process struct {
 	NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"`
 	// ApparmorProfile specifies the apparmor profile for the container.
 	ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
+	// Specify an oom_score_adj for the container.
+	OOMScoreAdj *int `json:"oomScoreAdj,omitempty"`
 	// SelinuxLabel specifies the selinux context that the container process is run as.
 	SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
 }
@@ -335,8 +337,6 @@ type LinuxResources struct {
 	Devices []LinuxDeviceCgroup `json:"devices,omitempty"`
 	// DisableOOMKiller disables the OOM killer for out of memory conditions
 	DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"`
-	// Specify an oom_score_adj for the container.
-	OOMScoreAdj *int `json:"oomScoreAdj,omitempty"`
 	// Memory restriction configuration
 	Memory *LinuxMemory `json:"memory,omitempty"`
 	// CPU resource restriction configuration
