[systemd-devel] process change default scheduler - please help - desperate

Reindl Harald h.reindl at thelounge.net
Sun Dec 30 18:30:49 PST 2012


http://www.freedesktop.org/software/systemd/man/systemd.exec.html
there are a lot of Scheduling options

On 31.12.2012 02:50, JB wrote:
> 
> Bottom line is I need to give a process started by systemd and any process started by that process some privileges
> to change scheduler and other things when it starts.  How do I tell systemd to grant these privileges to one of
> its services?
> 
> Here's all the detail:
> 
> I'm having a really frustrating problem.  I have a ruby webrick daemon that starts up at boot.  Previously it
> always started from init and that always worked fine right up through fedora 8 on a 2.6.29.9 kernel.  Now I'm
> running the following:
> OS: Fedora Core 15
> Kernel: 2.6.38.8 64-bit with RTAI patches
> SELinux is disabled
> 
> I did manage to get the thing to start using the following service file:
> *********** BEGIN webrickd.service ************
> [Unit]
> Description=Configuration ruby webrick daemon
> After=network.target
> 
> [Service]
> Type=forking
> WorkingDirectory=/home/rtuser/app/bin
> PIDFile=/home/rtuser/app/data/logs/webrickd.pid
> ExecStartPre=/home/rtuser/app/system/scripts/preStart.sh
> ExecStart=/home/rtuser/app/bin/webrickd.rb -d -p /home/rtuser/app/data/logs/webrickd.pid
> StandardOutput=null
> StandardError=null
> User=rtuser
> Group=rtuser
> 
> [Install]
> WantedBy=multi-user.target
> *********** END webrickd.service *************
> 
> This webrick daemon upon receiving a specific web service call uses "exec" to start another process called appcore
> which is a compiled C application.  appcore runs real-time and consequently uses a call to sched_setscheduler() to
> change its scheduling from the default.  Sample code for reproduction is below:
> 
> *********** BEGIN appcore.c *************
> #include <stdio.h>
> #include <errno.h>
> #include <sched.h>
> 
> int main(int argc, char *argv[])
> {
>  struct sched_param mysched;
> 
>  errno = 0;
>  mysched.sched_priority = sched_get_priority_max(SCHED_FIFO) - 1;
>  if( sched_setscheduler( 0, SCHED_FIFO, &mysched ) == -1 ) {
>    puts("appcore: ERROR IN SETTING THE SCHEDULER");
>    perror("errno");
>    return 1;
>  } // end if
> 
>  return 0;
> }
> ************** END appcore.c **************
> 
> compile with gcc -o appcore appcore.c
> 
> Running the above program will work with a normally created unprivileged user account but only when logged in with
> a PAM session using an interactive shell.  As soon as I try to start this up from anything that is started by
> systemd, it yields an "Operation not permitted" error.  I realize there are other ways to specify what scheduling
> service a process should have in the above systemd configuration file, but that does not solve my problem.  Even
> without this call, the RTAI extensions I use which use a call to rtai_task_init() also apparently require this same
> privilege (or one like it) because it too fails with "Operation not permitted" so even if I tell systemd to give
> the ruby webrick daemon SCHED_FIFO priority and I can somehow get that inherited to appcore, I will still have the
> same problem, because there is no way for systemd to create a real-time task using the RTAI extensions for me
> before my program starts.  I've tried all the following (and their combinations) without success:
> 
> LimitCPU=infinity
> LimitFSIZE=infinity
> LimitDATA=infinity
> LimitSTACK=infinity
> LimitCORE=infinity
> LimitRSS=infinity
> #LimitNOFILES=infinity # using any variety of this fails no matter what
> LimitAS=infinity
> LimitNPROC=infinity
> LimitMEMLOCK=infinity
> LimitLOCKS=infinity
> LimitSIGPENDING=infinity
> LimitMSGQUEUE=infinity
> LimitNICE=infinity
> LimitRTPRIO=infinity
> LimitRTTIME=infinity
> CapabilityBoundingSet=~CAP_SYS_PTRACE
> PAMName=appcore
> 
> Modifications to /etc/security/limits.conf of course don't really help because it works fine under a shell without
> any modifications and that stuff all gets bypassed with init processes starting even when you specify User and
> Group.  I've tried using sudo (won't even start it) to try to get a PAM session as though it were a login, I've
> tried setuid without success, I've tried everything I can think of but absolutely everything works when run from an
> interactive shell and absolutely nothing works, all I get is "Operation not permitted" anytime I let systemd start
> things up.  Please help!  I'm desperate.  I get what you're trying to do with systemd and I support it and I have
> to say for a first release of it, it seems well designed and thought out.  I'm impressed with its flexibility. 
> However, I quite literally ***cannot find a way to make this work*** when it just "worked" before.  What in the
> world do I have to do to have systemd start this process up with whatever equivalent rights or permissions it used
> to have with init and whatever it seems to have when run from an interactive shell.
> 
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- 

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm
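
A diagnostic for the "Operation not permitted" case described in the quoted message, added here as an example and not code from the thread. It applies the permission rule documented in sched(7) (CAP_SYS_NICE, otherwise the soft RLIMIT_RTPRIO) to the same priority appcore.c requests, then compares the prediction with the real call; `has_cap_sys_nice` and `rt_allowed` are hypothetical helper names.

```c
/* Added example (not from the thread): is appcore's SCHED_FIFO request permitted here? */
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

#define CAP_SYS_NICE_BIT 23 /* CAP_SYS_NICE in <linux/capability.h> */

/* Return 1 if the CapEff mask in /proc/<pid>/status text has CAP_SYS_NICE. */
int has_cap_sys_nice(const char *status_text)
{
    unsigned long long mask = 0;
    const char *p = strstr(status_text, "CapEff:");

    if (p == NULL || sscanf(p + strlen("CapEff:"), "%llx", &mask) != 1)
        return 0;
    return (int)((mask >> CAP_SYS_NICE_BIT) & 1ULL);
}

/* sched(7): with CAP_SYS_NICE any priority is allowed; without it the soft
 * RLIMIT_RTPRIO is the ceiling, and a limit of 0 forbids real-time policy. */
int rt_allowed(int cap_sys_nice, rlim_t rtprio_soft, int want_prio)
{
    if (cap_sys_nice)
        return 1;
    return rtprio_soft != 0 && (rlim_t)want_prio <= rtprio_soft;
}

int main(void)
{
    char status[8192] = {0}; /* zero-filled, so the text stays NUL-terminated */
    struct rlimit rl = {0, 0};
    struct sched_param sp;
    FILE *f = fopen("/proc/self/status", "r");
    if (f != NULL) {
        if (fread(status, 1, sizeof(status) - 1, f) == 0) status[0] = '\0';
        fclose(f);
    }
    getrlimit(RLIMIT_RTPRIO, &rl);
    sp.sched_priority = sched_get_priority_max(SCHED_FIFO) - 1; /* as in appcore.c */
    int cap = has_cap_sys_nice(status);
    int predicted = rt_allowed(cap, rl.rlim_cur, sp.sched_priority);
    int actual = sched_setscheduler(0, SCHED_FIFO, &sp) == 0;
    printf("CAP_SYS_NICE=%d RLIMIT_RTPRIO(soft)=%llu want=%d predicted=%s actual=%s\n",
           cap, (unsigned long long)rl.rlim_cur, sp.sched_priority,
           predicted ? "allowed" : "EPERM", actual ? "ok" : "failed");
    return predicted == actual ? 0 : 2;
}
```

Run it once from the interactive shell and once from the unit to see which input differs between the two contexts. Exit status 2 means the rule predicted one outcome and the kernel gave the other; kernels built with CONFIG_RT_GROUP_SCHED also refuse real-time policy to tasks in a cgroup with no real-time runtime budget, which this example does not check.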
