From 99a1b8d363f7b14286cf90ab7a080142182a1399 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Tue, 9 May 2017 09:40:06 -0700 Subject: [PATCH] config: Shift oomScoreAdj from linux.resources to process The only discussion related to this is in [1,2], where the relationship between oomScoreAdj and disableOOMKiller is raised. But since 429f936 (Adding cgroups path to the Spec, 2015-09-02, #137) resources has been tied to cgroups, and oomScoreAdj is not about cgroups. For example, we currently have (in config-linux.md): You can configure a container's cgroups via the resources field of the Linux configuration. I suggested we move the property from linux.resources.oomScoreAdj to linux.oomScoreAdj so config authors and runtimes don't have to worry about what cgroupsPath means if the only entry in resources is oomScoreAdj. Michael responded with [4]: If anything it should probably go on the process So that's what this commit does. [1]: https://github.com/opencontainers/runtime-spec/pull/236 [2]: https://github.com/opencontainers/runtime-spec/pull/292 [3]: https://github.com/opencontainers/runtime-spec/pull/137 [4]: https://github.com/opencontainers/runtime-spec/issues/782#issuecomment-299990075 Signed-off-by: W. Trevor King --- config-linux.md | 15 --------------- config.md | 8 +++++++- schema/config-linux.json | 4 ---- schema/config-schema.json | 4 ++++ specs-go/config.go | 4 ++-- 5 files changed, 13 insertions(+), 22 deletions(-) diff --git a/config-linux.md b/config-linux.md index 52c0791cd..407a25dad 100644 --- a/config-linux.md +++ b/config-linux.md 
@@ -263,21 +263,6 @@ For more information, see [the memory cgroup man page][cgroup-v1-memory]. "disableOOMKiller": false ``` -#### Set oom_score_adj - -`oomScoreAdj` sets heuristic regarding how the process is evaluated by the kernel during memory pressure. -For more information, see [the proc filesystem documentation section 3.1][procfs]. -This is a kernel/system level setting, where as `disableOOMKiller` is scoped for a memory cgroup. -For more information on how these two settings work together, see [the memory cgroup documentation section 10. OOM Contol][cgroup-v1-memory]. - -* **`oomScoreAdj`** *(int, OPTIONAL)* - adjust the oom-killer score - -###### Example - -```json - "oomScoreAdj": 100 -``` - #### Memory **`memory`** (object, OPTIONAL) represents the cgroup subsystem `memory` and it's used to set limits on the container's memory usage. diff --git a/config.md b/config.md index efaf0a0e5..2cb799867 100644 --- a/config.md +++ b/config.md @@ -155,6 +155,10 @@ For Linux-based systems the process structure supports the following process spe * **`apparmorProfile`** (string, OPTIONAL) specifies the name of the AppArmor profile to be applied to processes in the container. For more information about AppArmor, see [AppArmor documentation][apparmor]. +* **`oomScoreAdj`** (int, OPTIONAL) specifies an adjustment for evaluating the process under memory pressure. + For more information, see [the proc filesystem documentation section 3.1][procfs_2]. + This is a per-process setting, where as [`disableOOMKiller`](config-linux.md#disable-out-of-memory-killer) is scoped for a memory cgroup. + For more information on how these two settings work together, see [the memory cgroup documentation section 10. OOM Contol][cgroup-v1-memory_2]. * **`selinuxLabel`** (string, OPTIONAL) specifies the SELinux label to be applied to the processes in the container. For more information about SELinux, see [SELinux documentation][selinux]. 
@@ -503,6 +507,7 @@ Here is a full example `config.json` for reference. } ], "apparmorProfile": "acme_secure_profile", + "oomScoreAdj": 100, "selinuxLabel": "system_u:system_r:svirt_lxc_net_t:s0:c124,c675", "noNewPrivileges": true }, @@ -682,7 +687,6 @@ Here is a full example `config.json` for reference. "limit": 9223372036854772000 } ], - "oomScoreAdj": 100, "memory": { "limit": 536870912, "reservation": 536870912, @@ -818,8 +822,10 @@ Here is a full example `config.json` for reference. [apparmor]: https://wiki.ubuntu.com/AppArmor +[cgroup-v1-memory_2]: https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt [selinux]:http://selinuxproject.org/page/Main_Page [no-new-privs]: https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt +[procfs_2]: https://www.kernel.org/doc/Documentation/filesystems/proc.txt [semver-v2.0.0]: http://semver.org/spec/v2.0.0.html [go-environment]: https://golang.org/doc/install/source#environment [ieee-1003.1-2001-xbd-c8.1]: http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html#tag_08_01 diff --git a/schema/config-linux.json b/schema/config-linux.json index c0f649778..dd5bac013 100644 --- a/schema/config-linux.json +++ b/schema/config-linux.json @@ -47,10 +47,6 @@ "$ref": "defs-linux.json#/definitions/DeviceCgroup" } }, - "oomScoreAdj": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/oomScoreAdj", - "type": "integer", - }, "pids": { "id": "https://opencontainers.org/schema/bundle/linux/resources/pids", "type": "object", diff --git a/schema/config-schema.json b/schema/config-schema.json index 87e46dfef..5f36c4e0d 100644 --- a/schema/config-schema.json +++ b/schema/config-schema.json 
@@ -178,6 +178,10 @@
 "id": "https://opencontainers.org/schema/bundle/process/linux/apparmorProfile",
 "type": "string"
 },
+ "oomScoreAdj": {
+ "id": "https://opencontainers.org/schema/bundle/process/linux/oomScoreAdj",
+ "type": "integer",
+ },
 "selinuxLabel": {
 "id": "https://opencontainers.org/schema/bundle/process/linux/selinuxLabel",
 "type": "string"
diff --git a/specs-go/config.go b/specs-go/config.go
index 3e3161259..aefaa9647 100644
--- a/specs-go/config.go
+++ b/specs-go/config.go
@@ -52,6 +52,8 @@ type Process struct {
 NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"`
 // ApparmorProfile specifies the apparmor profile for the container.
 ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
+ // Specify an oom_score_adj for the container.
+ OOMScoreAdj *int `json:"oomScoreAdj,omitempty"`
 // SelinuxLabel specifies the selinux context that the container process is run as.
 SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
 }
@@ -335,8 +337,6 @@ type LinuxResources struct {
 Devices []LinuxDeviceCgroup `json:"devices,omitempty"`
 // DisableOOMKiller disables the OOM killer for out of memory conditions
 DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"`
- // Specify an oom_score_adj for the container.
- OOMScoreAdj *int `json:"oomScoreAdj,omitempty"`
 // Memory restriction configuration
 Memory *LinuxMemory `json:"memory,omitempty"`
 // CPU resource restriction configuration
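Review bot: The added `oomScoreAdj` entry keeps a trailing comma after `"type": "integer",` right before the closing brace, which strict JSON parsers reject, so a validator may fail to load the schema at all; the entry removed from schema/config-linux.json had the same comma, so it appears to have been carried over. The property also accepts any integer, while the kernel only accepts oom_score_adj values from -1000 to 1000, so an out-of-range value would pass validation and fail only when the runtime writes it. I would end the property with `"type": "integer", "minimum": -1000, "maximum": 1000` and no comma before the brace.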
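Review bot: The new `OOMScoreAdj` field in the `Process` hunk lacks the `platform:"linux"` tag that the neighbouring `ApparmorProfile` and `SelinuxLabel` fields carry, and its comment still says "for the container" although the setting is now per-process and does not start with the field name. I would write `// OOMScoreAdj specifies the oom_score_adj for the process (-1000 to 1000); nil leaves the value unchanged.` (confirm the nil behaviour is what runtimes are expected to do) and ``OOMScoreAdj *int `json:"oomScoreAdj,omitempty" platform:"linux"` ``. Since negative values shield a process from the OOM killer, it is worth noting that a config still setting `linux.resources.oomScoreAdj` will presumably decode without error and silently lose the adjustment once the field is gone from `LinuxResources`, because encoding/json ignores unknown keys by default. Both structs begin and end outside their hunks.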