Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#66134 - [earlyoom] Earlyoom commits suicide on OOM when hidepid is enabled.
Attached to Project:
Community Packages
Opened by Steven (Stebalien) - Sunday, 05 April 2020, 18:10 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Monday, 06 April 2020, 10:42 GMT
Opened by Steven (Stebalien) - Sunday, 05 April 2020, 18:10 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Monday, 06 April 2020, 10:42 GMT
|
DetailsDescription:
Earlyoom is now run with a dynamic user instead of root. This means that, when the proc group is used to restrict access to /proc (using hidepid), earlyoom can't list processes running as other users and always kills itself (the only process it can see). The solution is to add the following to the [Service] section of the earlyoom systemd service: SupplementaryGroups=proc Note: "proc" is a built-in group shipped in the filesystem package. Additional info: * version: 1.5-1 * config and/or log files etc. * first reported upstream https://github.com/rfjakob/earlyoom/issues/184 Steps to reproduce: 1. Enable hidepid as described in https://wiki.archlinux.org/index.php/Security#hidepid. 2. OOM. 3. Observe that earlyoom kills itself. |
This task depends upon
Closed by Massimiliano Torromeo (mtorromeo)
Monday, 06 April 2020, 10:42 GMT
Reason for closing: Fixed
Additional comments about closing: earlyoom-1.5-2
Monday, 06 April 2020, 10:42 GMT
Reason for closing: Fixed
Additional comments about closing: earlyoom-1.5-2
Comment by Massimiliano Torromeo (mtorromeo) -
Monday, 06 April 2020, 10:27 GMT
While using hidepid and mounting /proc with the proc group is something that is only configured by the user which should know how to handle these situations and should add all the exceptions accordingly, where it makes sense, I'm willing to allow this change on the basis that the proc group's purpose is to allow process introspection to its users and earlyoom's inherent behavior requires such introspection capabilities.