From b2110184c1605df244662f801b29152ec8e73061 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 5 Oct 2020 23:01:59 +0200 Subject: [PATCH] docker: set oom score adjust to -500 Currently, dockerd sets a "-500" oom-score-adjust for itself by default. We're removing this default, and instead: - for dockerd running as systemd unit, set the oom-score through systemd - when manually running dockerd, require users to explicitly set a score This patch is in preparation of those changes. Signed-off-by: Sebastiaan van Stijn
---
examples/cadvisor.yml | 3 ++- examples/docker-for-mac.yml | 1 + examples/docker.yml | 3 ++- projects/compose/compose-dynamic.yml | 3 ++- projects/compose/compose-static.yml | 3 ++- test/cases/030_security/000_docker-bench/test.yml | 3 ++- 6 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/examples/cadvisor.yml b/examples/cadvisor.yml
index 376577b77..ec593da78 100644
--- a/examples/cadvisor.yml
+++ b/examples/cadvisor.yml
@@ -44,7 +44,8 @@ services: - /var/run:/var/run - /lib/modules:/lib/modules - /etc/docker/daemon.json:/etc/docker/daemon.json - command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"] + command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--", + "--oom-score-adjust", "-500"] - name: cadvisor image: linuxkit/cadvisor:v0.8 files:
diff --git a/examples/docker-for-mac.yml b/examples/docker-for-mac.yml
index 009cd5dac..8effa2b19 100644
--- a/examples/docker-for-mac.yml
+++ b/examples/docker-for-mac.yml
@@ -101,6 +101,7 @@ services: - /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables # iptables wrapper command: [ "/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--", "--config-file", "/var/config/docker/daemon.json", + "--oom-score-adjust", "-500", "--swarm-default-advertise-addr=eth0", "--userland-proxy-path", "/usr/bin/vpnkit-expose-port", "--storage-driver", "overlay2" ]
diff --git a/examples/docker.yml b/examples/docker.yml
index 0374ae7a3..6ed38bf51 100644
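Review bot: The `--oom-score-adjust` flag added to `command:` in examples/cadvisor.yml can collide with the bind-mounted `/etc/docker/daemon.json` shown in the hunk's context, because dockerd refuses to start when the same directive is given both as a flag and in the configuration file. A daemon.json that already carries an `oom-score-adjust` key would therefore keep the service from coming up. The same applies to the examples/docker-for-mac.yml hunk, which passes `--config-file /var/config/docker/daemon.json`, and to the examples/docker.yml hunk. The contents of those files are outside the diff, so this is a check to make rather than a confirmed break; a comment above the command such as `# oom-score-adjust is set on the command line; do not also set it in daemon.json` would warn anyone editing the config.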
--- a/examples/docker.yml
+++ b/examples/docker.yml
@@ -40,7 +40,8 @@ services: - /var/lib/docker:/var/lib/docker - /lib/modules:/lib/modules - /etc/docker/daemon.json:/etc/docker/daemon.json - command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"] + command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--", + "--oom-score-adjust", "-500"] files: - path: var/lib/docker directory: true
diff --git a/projects/compose/compose-dynamic.yml b/projects/compose/compose-dynamic.yml
index e54af320b..d94156190 100644
--- a/projects/compose/compose-dynamic.yml
+++ b/projects/compose/compose-dynamic.yml
@@ -42,7 +42,8 @@ services: - /lib/modules:/lib/modules - /var/run:/var/run - /etc/html:/var/html - command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"] + command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--", + "--oom-score-adjust", "-500"] - name: compose image: linuxkitprojects/compose:111f9f32a933c9e7acbf3ccfc13fedbdfce8224f binds:
diff --git a/projects/compose/compose-static.yml b/projects/compose/compose-static.yml
index ad6d5330d..048b66dc5 100644
--- a/projects/compose/compose-static.yml
+++ b/projects/compose/compose-static.yml
@@ -42,7 +42,8 @@ services: - /lib/modules:/lib/modules - /var/run:/var/run - /etc/html:/var/html - command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"] + command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--", + "--oom-score-adjust", "-500"] - name: compose image: linuxkitprojects/compose:111f9f32a933c9e7acbf3ccfc13fedbdfce8224f binds:
diff --git a/test/cases/030_security/000_docker-bench/test.yml b/test/cases/030_security/000_docker-bench/test.yml
index f5c71486b..8bbf246c5 100644
--- a/test/cases/030_security/000_docker-bench/test.yml
+++ b/test/cases/030_security/000_docker-bench/test.yml
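Review bot: The `"-500"` added to the dockerd command in projects/compose/compose-dynamic.yml is an unexplained constant, and the same literal is repeated in projects/compose/compose-static.yml and the other four files this patch touches. Readers copying these examples have no way to tell from the YAML that a negative score makes the kernel prefer other processes over the daemon when it has to kill under memory pressure. A one-line comment above `command:` would record the intent, for example `# set dockerd's OOM score explicitly; the daemon's built-in -500 default is being removed`. The service definition begins above the hunk, so the comment may fit better there if the file already documents the docker service.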
@@ -32,7 +32,8 @@ services: - /var/lib/docker:/var/lib/docker - /lib/modules:/lib/modules - /run:/var/run - command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"] + command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--", + "--oom-score-adjust", "-500"] - name: test-docker-bench image: linuxkit/test-docker-bench:51388c7c187cd8a39d4afcbdf18482ad2833299c ipc: host
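Review bot: Nothing visible in this hunk shows that the docker service in test/cases/030_security/000_docker-bench/test.yml keeps CAP_SYS_RESOURCE, which the kernel requires before a process may lower its own oom_score_adj to a negative value such as the `-500` passed here. The service's `capabilities:` list sits outside the hunk, so this is something to confirm. A hardening pass that trims capabilities in this security test could leave the flag without effect. A comment next to the flag such as `# lowering the OOM score needs CAP_SYS_RESOURCE on this service` would keep the dependency visible.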