EACCESS writing /proc/self/oom_score_adj

Question

I'm trying to compile "slock" to implement some tweaks. It fails to start, on this:

#ifdef __linux__
#include <fcntl.h>

static void
dontkillme(void) {
    int fd;

    fd = open("/proc/self/oom_score_adj", O_WRONLY);
    if (fd < 0 && errno == ENOENT)
        return;
    if (fd < 0 || write(fd, "-1000\n", 6) != 6 || close(fd) != 0)
        die("cannot disable the out-of-memory killer for this process\n");
}
#endif

I went ahead and did some debugging, and found out I get EACCESS from the write().

What's the catch? I believe this is some security feature, as it's not cool if processes can change this value - but what am I doing wrong? Is there some special filesystem flag on the binary to be set, to get this work?

Answer 1

Looking at Documentation/filesystems/proc.txt in the kernel:

The value of /proc/pid/oom_score_adj may be reduced no lower than the last value set by a CAP_SYS_RESOURCE process. To reduce the value any lower requires CAP_SYS_RESOURCE.

Which means that you must be either root or have CAP_SYS_RESOURCE capability at some point to set this lower than the default.