Overview

File 289.patch of Package earlyoom

From 8d81b6255994c0a372e351a37fdd5244a7d4150c Mon Sep 17 00:00:00 2001
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
Date: Tue, 28 Feb 2023 12:10:18 +0100
Subject: [PATCH] Allow one more capability

and nice to -20
to avoid warnings on startup (with -p):
 Could not set priority: Permission denied. Continuing anyway
 Could not set oom_score_adj: Permission denied. Continuing anyway
---
 earlyoom.service.in | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/earlyoom.service.in b/earlyoom.service.in
index b17d23c..74462c1 100644
--- a/earlyoom.service.in
+++ b/earlyoom.service.in
@@ -7,8 +7,10 @@ EnvironmentFile=-:SYSCONFDIR:/default/earlyoom
 ExecStart=:TARGET:/earlyoom $EARLYOOM_ARGS
 # Run as an unprivileged user with random user id
 DynamicUser=true
-# Allow killing processes and calling mlockall()
-AmbientCapabilities=CAP_KILL CAP_IPC_LOCK
+# Allow killing processes, calling mlockall() and oom_score_adj
+AmbientCapabilities=CAP_KILL CAP_IPC_LOCK CAP_SYS_RESOURCE
+# Give priority to our process
+Nice=-20
 # We don't need write access anywhere
 ProtectSystem=strict
 # We don't need /home at all, make it inaccessible
openSUSE Build Service is sponsored by
Places