Linux compatibility layer - ulimit - pthread_setschedparam failed: Operation not permitted
Allan Jude
allanjude at freebsd.org
Wed Sep 28 23:37:45 UTC 2016
On 2016-09-28 19:32, Petr Fischer wrote:
> Hello,
>
> I need to run some smalltalk VM (linux binary), that uses thread with higher priority for something like "heartbeat", and when I run this binary (VM) as regular user, this error occurs:
>
> pthread_setschedparam failed: Operation not permitted
>
> When I run it with "sudo" (as root user), everything is OK.
>
> So I thought, OK, if it needs root access, it's a security risk and I will run it in isolated jail (created by ezjail)! But, there is another problem - in a jail, it does not work even with root permissions (sudo, root user inside jail), this error again:
>
> pthread_setschedparam failed: Operation not permitted
>
> Can I do something with this situation, I listed all sysctl vars, but nothing interesting, there is for example "security.bsd.unprivileged_idprio", but that is for idle priority, not realtime priority (not found something like *.rtprio).
>
> Any ideas please? Thanks! pf
> _______________________________________________
> freebsd-jail at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe at freebsd.org"
>
This is expected. A regular user cannot set a negative priority, or
renice a process to a 'lower' nice level (higher priority) than it was
started with. Even root in jails cannot do this (basically jails are
restricted the same as a regular unprivileged user on the host).
This prevents a user, or a malicious jail, from setting a process to
high priority and starving the rest of the processes.
Your best bet might be to run the other processes with a higher nice
level, and leave the heartbeat process at the default priority. This can
be done as a regular user.
--
Allan Jude
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20160928/bb3e3928/attachment.sig>
More information about the freebsd-jail
mailing list