Adjust OOM killer for subprocess in Docker container

Question

Please help to find an appropriate solution.

There is a java service running in Ubuntu environment, that periodically invokes external process with params (multiple instances of the same program). Everything is packed into Docker container (memory limit is set, unprivileged, readonly except tmp and logs, cap_drop all). Sometimes the data supplied to subprocess makes it overfill the memory limit. So, in that case we'd like to kill subprocess(es) due to OOM, but leave parent (java) process running.

If speaking about non-docker system, there is a set of methods to achieve this, as: creating a custom cgroup, set memory limit and attach subprocesses to it. Another way is to adjust /proc/PID/oom_adj setting to make subprocesses having larger oom_score.

But in docker container I can't find a way to do it in a simple way, without running container in privileged mode and adding external wrappers to the main process.

Is there a native way to add memory cgroup inside container or adjust OOM killer?

Thanks in advance!

Answer 1

The only way is to use the --oom-score-adj option to docker run or even --oom-kill-disable.

https://docs.docker.com/engine/reference/run/#runtime-constraints-on-resources