[systemd-devel] [lennart at kemper.freedesktop.org: [systemd-commits] src/pam-module.c]

Andrey Borzenkov arvidjaar at mail.ru
Tue Feb 8 03:22:25 PST 2011 

On Tue, Feb 8, 2011 at 1:36 PM, Lennart Poettering
<lennart at poettering.net> wrote:
> On Tue, 08.02.11 13:30, Andrey Borzenkov (arvidjaar at mail.ru) wrote:
>
>>
>> On Tue, Feb 8, 2011 at 1:15 PM, Lennart Poettering
>> <lennart at poettering.net> wrote:
>> > On Tue, 08.02.11 12:29, Andrey Borzenkov (arvidjaar at mail.ru) wrote:
>> >
>> >> > The rtkit patch ensures rtkit itself can get RT privs. This systemd
>> >> > patch ensures apps (such as PA) started within a systemd session can get
>> >> > RT privs. Without neither patch neither side can get RT privs. To work
>> >> > properly both sides need to be able to get RT privs.
>> >> >
>> >>
>> >> Do  I need this patch to *strart* rtkit?
>> >
>> > Hmm, yes? The cgroup fix needs to be applied when you start rtkit.
>> >
>>
>> But there is no login session at this point; is PAM involved at all?
>> At least "pam" does not appear anywhere in rtkit sources ... and we
>> must be able to use systemd with pam_systemd as well, must not we?
>
> Hmm?
>
> The patch to rtkit needs to be applied before rtkit is started. After
> applying, building and installing rtkit you need to reload the systemd
> configuration.
>
> The patch to systemd needs to be applied before you login. After
> applying, building and installing systemd it should be sufficient to
> relogin, since that will already load the updated PAM module.
>

We apparently misunderstand each other.

I speak about failure of rtkit-daemon to put itself in RT scheduling
group on startup. At this point there is no login at all.

Anyway, I rebuild systemd with your PAM patch and restarted system and
as expected nothing changed:

Feb  8 14:14:51 cooker rtkit-daemon[3165]: Failed to make ourselves
RT: Operation not permitted


>> >> {pts/1}% systemctl --no-pager --property=ControlGroups show rtkit-daemon.service
>> >> ControlGroups=name=systemd:/system/rtkit-daemon.service cpu:/
>> >
>> > Uh, oh. Are you suggesting that rtkit does not actually run in the cpu:/
>> > cgroup? Can you verify this with "ps xawf -eo pid,args,cgroup"?
>> >
>>
>> {pts/1}% ps xawf -eo pid,args,cgroup | grep rtkit
>>  3781 /usr/lib64/rtkit-daemon
>>  name=systemd:/system/rtkit-daemon.service
>
> This looks pretty much correct, rtkit is in the root cpu cgroup.
>

So - can this message on startup ("rtkit-daemon[3165]: Failed to make
ourselves RT: Operation not permitted") be ignored? If yes - this
message should not be logged as error. If no - your changes so far did
not fix it.

More information about the systemd-devel mailing list