From 7e4a5691ed7b1a4da1be7dd3f7a33561c661a8af Mon Sep 17 00:00:00 2001
From: mwiegand
Date: Sat, 9 May 2026 10:01:38 +0200
Subject: [PATCH] feat(deploy): script-sandbox runs in l4d2-build.slice + OOMScoreAdjust=500

Builds yield CPU/IO to game-server instances under contention via the slice's weight=10, and are killed first under memory pressure (servers have OOMScoreAdjust=-200).
---
 .../usr/local/libexec/left4me/left4me-script-sandbox | 2 ++
 deploy/tests/test_deploy_artifacts.py | 12 ++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/deploy/files/usr/local/libexec/left4me/left4me-script-sandbox b/deploy/files/usr/local/libexec/left4me/left4me-script-sandbox
index e331607..5e6458b 100755
--- a/deploy/files/usr/local/libexec/left4me/left4me-script-sandbox
+++ b/deploy/files/usr/local/libexec/left4me/left4me-script-sandbox
@@ -45,6 +45,8 @@ chmod 0755 "$OVERLAY_DIR"
 SCRIPT_RC=0
 systemd-run --quiet --collect --wait --pipe \
 --unit="left4me-script-${OVERLAY_ID}-$$" \
+ --slice=l4d2-build.slice \
+ -p OOMScoreAdjust=500 \
 -p User=l4d2-sandbox -p Group=l4d2-sandbox \
 -p UMask=0022 \
 -p NoNewPrivileges=yes \
diff --git a/deploy/tests/test_deploy_artifacts.py b/deploy/tests/test_deploy_artifacts.py
index 10efe4d..53f72a1 100644
--- a/deploy/tests/test_deploy_artifacts.py
+++ b/deploy/tests/test_deploy_artifacts.py
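Review bot: The added `-p OOMScoreAdjust=500` only biases which process the kernel OOM killer picks once the host is already out of memory; it puts no ceiling on what a sandboxed script can allocate, so a runaway build can still push the game servers into reclaim before it is killed. If no memory limit is set on this transient unit further down the systemd-run command (which continues past the end of the hunk) or on l4d2-build.slice itself, consider adding one next to the new property, for example `-p MemoryMax=<LIMIT>` and `-p MemorySwapMax=0`, with `<LIMIT>` chosen for the host. Separately, systemd creates a slice implicitly with default weights when no l4d2-build.slice unit file is installed, so the yield behaviour described in the commit message depends on that unit being deployed before this helper runs.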
@@ -144,6 +144,18 @@ def test_sysctl_conf_present_with_perf_settings():
 assert line in text, f"missing {line!r} in 99-left4me.conf"
 
 
+def test_script_sandbox_in_build_slice_with_oom_adjust():
+ text = SCRIPT_SANDBOX_HELPER.read_text()
+
+ # Put the transient unit in the low-weight build slice so it yields to
+ # game-server instances under CPU/IO contention.
+ assert "--slice=l4d2-build.slice" in text
+
+ # Sandbox dies first if the host hits memory pressure; servers
+ # (OOMScoreAdjust=-200) survive.
+ assert "-p OOMScoreAdjust=500" in text
+
+
 def _fake_command(tmp_path, command_name):
 marker = tmp_path / f"{command_name}.args"
 command = tmp_path / command_name
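Review bot: The two substring assertions in test_script_sandbox_in_build_slice_with_oom_adjust read only the helper script, while the property its first comment describes (the build slice being low-weight) lives in the l4d2-build.slice unit, which this test never opens. Because systemd creates a missing slice implicitly with default weights, a deploy tree that drops or renames the slice file would still pass here. If no other test in this file already covers it, add an assertion that the slice unit is shipped and carries the expected weight, along the lines of `assert "CPUWeight=10" in BUILD_SLICE_UNIT.read_text()`, where `BUILD_SLICE_UNIT` is a placeholder for the unit's path constant and the directive should match whatever the slice file actually sets. The plain `in text` checks would also be satisfied by a commented-out option line, so matching on a line that is not a comment would make the test stricter.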