From 0023fca739bec8ac51fe038ac027f32dfb9a6f34 Mon Sep 17 00:00:00 2001 From: SuvarnaMeenakshi <50386592+SuvarnaMeenakshi@users.noreply.github.com> Date: Tue, 11 Jun 2019 16:19:49 -0700 Subject: [PATCH] [baseimage] kernel oom-killer to panic when the system is truly out of memory (#2988) - What I did Currently when the system is under memory pressure, the OOM killer kicks in and kills a rogue process. Killing a rogue process can cause the device to be un-healthy leading to blackholing of the traffic. To avoid this, configure the OOM to do a kernel panic which will cause the device to reboot and come back up healthy. - How I did it Added the sysctl variable panic_on_oom and set the value to 2. Setting it to 2 will ensure OOM killer to always do a kernel panic.
---
 build_debian.sh | 1 + 1 file changed, 1 insertion(+)
diff --git a/build_debian.sh b/build_debian.sh
index e04843891fa7..be6a0c833d1f 100755
--- a/build_debian.sh
+++ b/build_debian.sh
@@ -313,6 +313,7 @@ set /files/etc/sysctl.conf/kernel.core_pattern '|/usr/bin/coredump-compress %e %
 set /files/etc/sysctl.conf/kernel.softlockup_panic 1
 set /files/etc/sysctl.conf/kernel.panic 10
+set /files/etc/sysctl.conf/vm.panic_on_oom 2
 set /files/etc/sysctl.conf/fs.suid_dumpable 2
 set /files/etc/sysctl.conf/net.ipv4.conf.default.forwarding 1
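Review bot: The added `vm.panic_on_oom 2` panics on every OOM event, including one confined to a memory cgroup, cpuset or mempolicy, which is broader than the "truly out of memory" case named in the subject. Per the kernel's sysctl documentation, value 1 panics only on a system-wide OOM and still lets the OOM killer handle a constrained one. If services on this image run under per-container memory limits (not visible in this hunk), one leaking process, or one fed input that makes it allocate until it hits its limit, reboots the whole device after the `kernel.panic 10` delay, and can do so repeatedly. Consider `set /files/etc/sysctl.conf/vm.panic_on_oom 1`, or keep 2 and record next to the setting why a constrained OOM must also reboot and how the OOM report is preserved across the panic for later analysis. The list of `set` commands this line joins starts and ends outside the hunk.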