Alternate method of running swapon?

Alternate method of running swapon?

[Jeffrey Walton]

Hi Everyone,

I work with an open source project. We have a VM but it is low-end.
The machine suffers OOM kills. We don't have access to /etc/fstab.
Everything is an upsell with the VPS provider.

I'm trying to setup a swapfile during startup using Systemd but:

    # swapon /swapfile
    swapon: /swapfile: swapon failed: Operation not permitted

This may be useful:

# command -v swapon
/sbin/swapon
# file /sbin/swapo
swapoff  swapon
# file /sbin/swapon
/sbin/swapon: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.32,
BuildID[sha1]=a4891bc4dcfc533c61d76aa3e69870ab35d90c89, stripped

My question is, is there a way to sidestep the restriction? Is it
possible to ask the kernel to use the swapfile without using the
command?

Thanks in advance.

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Alternate method of running swapon?

[Valentin Vidić]

On Wed, Jan 08, 2020 at 01:09:23PM -0500, Jeffrey Walton wrote:
> Hi Everyone,
> 
> I work with an open source project. We have a VM but it is low-end.
> The machine suffers OOM kills. We don't have access to /etc/fstab.
> Everything is an upsell with the VPS provider.
> 
> I'm trying to setup a swapfile during startup using Systemd but:
> 
>     # swapon /swapfile
>     swapon: /swapfile: swapon failed: Operation not permitted
> 
> This may be useful:
> 
> # command -v swapon
> /sbin/swapon
> # file /sbin/swapo
> swapoff  swapon
> # file /sbin/swapon
> /sbin/swapon: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
> dynamically linked (uses shared libs), for GNU/Linux 2.6.32,
> BuildID[sha1]=a4891bc4dcfc533c61d76aa3e69870ab35d90c89, stripped
> 
> My question is, is there a way to sidestep the restriction? Is it
> possible to ask the kernel to use the swapfile without using the
> command?

You can try running for more details:

 # strace swapon /swapfile

but the swap functionality is probably disabled in the kernel itself.

-- 
Valentin

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Alternate method of running swapon?

[Bernd Petrovitsch]

[-- Attachment #1: Type: text/plain, Size: 1646 bytes --]

Hi all!

On 08/01/2020 19:09, Jeffrey Walton wrote:
[...]
> I work with an open source project. We have a VM but it is low-end.
> The machine suffers OOM kills. We don't have access to /etc/fstab.

Apparently you run too many (or too fat) programs;-)

> Everything is an upsell with the VPS provider.
> 
> I'm trying to setup a swapfile during startup using Systemd but:
> 
>     # swapon /swapfile
>     swapon: /swapfile: swapon failed: Operation not permitted
> 
> This may be useful:
[... nope ....] 

> My question is, is there a way to sidestep the restriction? Is it
> possible to ask the kernel to use the swapfile without using the
> command?

The swapon (and swapoff) command basically calls the swapon()
syscall (and swapoff() syscall, respectively) and their manual
page say the caller needs CAP_SYS_ADMIN capability which usually
means being "root".

Does it work in a root-shell?

The man page says further under errors:
----  snip  ----
EPERM: The caller does not have the CAP_SYS_ADMIN capability.
Alternatively, the maximum number of swap files are already in
use; see NOTES below.
----  snip  ----
The notes below just talk about the maximum numbers of swapfile
depending on the kernel version and activates features.

If the kernel is built/provided by the VPS provider, there may
be further limitations ....

MfG,
	Bernd

PS: I'm not guessing why ....
-- 
"I dislike type abstraction if it has no real reason. And saving
on typing is not a good reason - if your typing speed is the main
issue when you're coding, you're doing something seriously wrong."
    - Linus Torvalds

[-- Attachment #2: pEpkey.asc --]
[-- Type: application/pgp-keys, Size: 2513 bytes --]

[-- Attachment #3: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Alternate method of running swapon?

[Greg KH]

On Wed, Jan 08, 2020 at 01:09:23PM -0500, Jeffrey Walton wrote:
> Hi Everyone,
> 
> I work with an open source project. We have a VM but it is low-end.
> The machine suffers OOM kills. We don't have access to /etc/fstab.
> Everything is an upsell with the VPS provider.
> 
> I'm trying to setup a swapfile during startup using Systemd but:
> 
>     # swapon /swapfile
>     swapon: /swapfile: swapon failed: Operation not permitted
> 
> This may be useful:
> 
> # command -v swapon
> /sbin/swapon
> # file /sbin/swapo
> swapoff  swapon
> # file /sbin/swapon
> /sbin/swapon: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
> dynamically linked (uses shared libs), for GNU/Linux 2.6.32,
> BuildID[sha1]=a4891bc4dcfc533c61d76aa3e69870ab35d90c89, stripped
> 
> My question is, is there a way to sidestep the restriction? Is it
> possible to ask the kernel to use the swapfile without using the
> command?

Odds are the VPS provider is blocking it in the kernel they provide to
you.  You can always just try to write your own program that does the
same syscalls that 'swapon' does, but I doubt that works.

Perhaps spring for a bigger vm?

greg k-h

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Alternate method of running swapon?

[Jeffrey Walton]

On Wed, Jan 8, 2020 at 1:23 PM Valentin Vidić
<vvidic@valentin-vidic.from.hr> wrote:
>
> On Wed, Jan 08, 2020 at 01:09:23PM -0500, Jeffrey Walton wrote:
> > Hi Everyone,
> >
> > I work with an open source project. We have a VM but it is low-end.
> > The machine suffers OOM kills. We don't have access to /etc/fstab.
> > Everything is an upsell with the VPS provider.
> >
> > I'm trying to setup a swapfile during startup using Systemd but:
> >
> >     # swapon /swapfile
> >     swapon: /swapfile: swapon failed: Operation not permitted
> >
> > This may be useful:
> >
> > # command -v swapon
> > /sbin/swapon
> > # file /sbin/swapo
> > swapoff  swapon
> > # file /sbin/swapon
> > /sbin/swapon: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
> > dynamically linked (uses shared libs), for GNU/Linux 2.6.32,
> > BuildID[sha1]=a4891bc4dcfc533c61d76aa3e69870ab35d90c89, stripped
> >
> > My question is, is there a way to sidestep the restriction? Is it
> > possible to ask the kernel to use the swapfile without using the
> > command?
>
> You can try running for more details:
>
>  # strace swapon /swapfile
>
> but the swap functionality is probably disabled in the kernel itself.

Thanks Valentin.

Here is the full Pastebin: https://pastebin.com/hHAv5T0N .

I believe this is the relevant part from the Pastebin:

readlink("/swapfile", 0x7ffefb4c0810, 4096) = -1 EINVAL (Invalid argument)
stat("/swapfile", {st_mode=S_IFREG|0600, st_size=2147483648, ...}) = 0
open("/swapfile", O_RDONLY)             = 3
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
65536) = 65536
close(3)                                = 0
swapon("/swapfile", 0)                  = -1 EPERM (Operation not permitted)
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2502, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7fdbd8207000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2502
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x7fdbd8207000, 4096)            = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/util-linux.mo",
O_RDONLY) = -1 ENOENT (No such file or directory)
...

Jeff

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Alternate method of running swapon?

[Valentin Vidić]

On Wed, Jan 08, 2020 at 01:33:21PM -0500, Jeffrey Walton wrote:
> I believe this is the relevant part from the Pastebin:
> 
> readlink("/swapfile", 0x7ffefb4c0810, 4096) = -1 EINVAL (Invalid argument)
> stat("/swapfile", {st_mode=S_IFREG|0600, st_size=2147483648, ...}) = 0
> open("/swapfile", O_RDONLY)             = 3
> read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
> 65536) = 65536
> close(3)                                = 0
> swapon("/swapfile", 0)                  = -1 EPERM (Operation not permitted)

Yes, the swapon call fails with this error. You can check the kernel
name with uname -a, but it probably runs a custom build and you can't
reboot with a different one to enable swap functionality.

-- 
Valentin

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Alternate method of running swapon?

[Jeffrey Walton]

On Wed, Jan 8, 2020 at 1:43 PM Valentin Vidić
<vvidic@valentin-vidic.from.hr> wrote:
>
> On Wed, Jan 08, 2020 at 01:33:21PM -0500, Jeffrey Walton wrote:
> > I believe this is the relevant part from the Pastebin:
> >
> > readlink("/swapfile", 0x7ffefb4c0810, 4096) = -1 EINVAL (Invalid argument)
> > stat("/swapfile", {st_mode=S_IFREG|0600, st_size=2147483648, ...}) = 0
> > open("/swapfile", O_RDONLY)             = 3
> > read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
> > 65536) = 65536
> > close(3)                                = 0
> > swapon("/swapfile", 0)                  = -1 EPERM (Operation not permitted)
>
> Yes, the swapon call fails with this error. You can check the kernel
> name with uname -a, but it probably runs a custom build and you can't
> reboot with a different one to enable swap functionality.

It looks like this is coming from the OpenVZ folks. They feel a
swapfile would negatively impact performance, so it is disabled.

(I'm not sure how a DoS is considered a good result, given an OOM kill
just about always knocks out MySQL).

Jeff

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Alternate method of running swapon?

[Valentin Vidić]

On Wed, Jan 08, 2020 at 03:08:42PM -0500, Jeffrey Walton wrote:
> It looks like this is coming from the OpenVZ folks. They feel a
> swapfile would negatively impact performance, so it is disabled.

Yep, since this is not a full VM but rather a container, there is
not much to do other than buying a bigger VPS.

> (I'm not sure how a DoS is considered a good result, given an OOM kill
> just about always knocks out MySQL).

Swap in a way converts memory access into disk IO. And since a lot of disk
IO can harm all services running on the host, for the operator it is safer
to OOM kill one process and save all the others :)

-- 
Valentin

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Alternate method of running swapon?

[Jeffrey Walton]

On Wed, Jan 8, 2020 at 1:26 PM Bernd Petrovitsch
<bernd@petrovitsch.priv.at> wrote:
>
> Hi all!
>
> On 08/01/2020 19:09, Jeffrey Walton wrote:
> [...]
> > I work with an open source project. We have a VM but it is low-end.
> > The machine suffers OOM kills. We don't have access to /etc/fstab.
>
> Apparently you run too many (or too fat) programs;-)
>
> > Everything is an upsell with the VPS provider.
> >
> > I'm trying to setup a swapfile during startup using Systemd but:
> >
> >     # swapon /swapfile
> >     swapon: /swapfile: swapon failed: Operation not permitted
> >
> > This may be useful:
> [... nope ....]
>
> > My question is, is there a way to sidestep the restriction? Is it
> > possible to ask the kernel to use the swapfile without using the
> > command?
>
> The swapon (and swapoff) command basically calls the swapon()
> syscall (and swapoff() syscall, respectively) and their manual
> page say the caller needs CAP_SYS_ADMIN capability which usually
> means being "root".
>
> Does it work in a root-shell?

No, it does not work in a root shell.

The output is capsh is below. The man page for capsh(1) does not tell
me how to interpret it. Does cap_sys_admin under "current" mean I have
it? Or does lack of cap_sys_admin in "bounding" mean I lack it?

Jeff

# capsh --print
Current: = cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_setfcap+eip
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_chroot,cap_sys_ptrace,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap
Securebits: 00/0x0/1'b0
 secure-noroot: no (unlocked)
 secure-no-suid-fixup: no (unlocked)
 secure-keep-caps: no (unlocked)
uid=0(root)
gid=0(root)
groups=0(root)

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies