[systemd-devel] process change default scheduler - please help - desperate

JB general at itpsg.com
Sun Dec 30 17:50:51 PST 2012


Bottom line is I need to give a process started by systemd and any 
process started by that process some privileges to chanage scheduler and 
other things when it starts.  How do I tell systemd to grant these 
privileges to one of it's services?

Here's all the detail:

I'm having a really frustrating problem.  I have a ruby webrick daemon 
that starts up at boot.  Previously it always started from init and that 
always worked fine right up through fedora 8 on a 2.6.29.9 kernel.  Now 
I'm running the following:
OS: Fedora Core 15
Kernel: 2.6.38.8 64-bit with RTAI patches
SELinux is disabled

I did manage to get the thing to start using the following service file:
*********** BEGIN webrickd.service ************
[Unit]
Description=Configuration ruby webrick daemon
After=network.target

[Service]
Type=forking
WorkingDirectory=/home/rtuser/app/bin
PIDFile=/home/rtuser/app/data/logs/webrickd.pid
ExecStartPre=/home/rtuser/app/system/scripts/preStart.sh
ExecStart=/home/rtuser/app/bin/webrickd.rb -d -p 
/home/rtuser/app/data/logs/webrickd.pid
StandardOutput=null
StandardError=null
User=rtuser
Group=rtuser

[Install]
WantedBy=multi-user.target
*********** END webrickd.service *************

This webrick daemon upon receiving a specific web service call uses 
"exec" to start another process called appcore which is a compiled C 
application.  appcore runs real-time and consequently uses a call to 
sched_setscheduler() to change it's scheduling from the default.  Sample 
code for reproduction is below:

*********** BEGIN appcore.c *************
#include <stdio.h>
#include <errno.h>
#include <sched.h>

int main(int argc, char *argv[])
{
  struct sched_param mysched;

  errno = 0;
  mysched.sched_priority = sched_get_priority_max(SCHED_FIFO) - 1;
  if( sched_setscheduler( 0, SCHED_FIFO, &mysched ) == -1 ) {
    puts("appcore: ERROR IN SETTING THE SCHEDULER");
    perror("errno");
    return 1;
  } // end 
if                                                                                                                                                                                                                            

  return 0;
}
************** END appcore.c **************

compile with gcc -o appcore appcore.c

Running the above program will work with a normally created unprivileged 
user account but only when logged in with a PAM session using an 
interactive shell.  As soon as I try to start this up from anything that 
is started by systemd, it yields an "Operation not permitted" error.  I 
realize there are other ways to specify what scheduling service a 
process should have in the above systemd configuration file, but that 
does not solve my problem.  Even without this call, the RTAI extensions 
I use which use a call to rtai_task_init() also apparently require this 
same privilege (or one like it) because it too fails with "Operation not 
permitted" so even if I tell systemd to give the ruby webrickdaemon 
SCHED_FIFO priority and I can somehow get that inherited to appcore, I 
will still have the same problem, because there is no way for systemd to 
create a real-time task using the RTAI extensions for me before my 
program starts.  I've tried all the following (and their combinations) 
without success:

LimitCPU=infinity
LimitFSIZE=infinity
LimitDATA=infinity
LimitSTACK=infinity
LimitCORE=infinity
LimitRSS=infinity
#LimitNOFILES=infinity # using any variety of this fails no matter what
LimitAS=infinity
LimitNPROC=infinity
LimitMEMLOCK=infinity
LimitLOCKS=infinity
LimitSIGPENDING=infinity
LimitMSGQUEUE=infinity
LimitNICE=infinity
LimitRTPRIO=infinity
LimitRTTIME=infinity
CapabilityBoundingSet=~CAP_SYS_PTRACE
PAMName=appcore

Modifications to /etc/security/limits.conf of course don't really help 
because it works fine under a shell without any modifications and that 
stuff all gets bypassed with init processes starting even when you 
specify User and Group.  I've tried using sudo (won't even start it) to 
try to get a PAM session as though it were a login, I've tried setuid 
without success, I've tried everything I can think of but absolutely 
everything works when run from an interactive shell and absolutely 
nothing works, all I get is "Operation not permitted" anytime I let 
systemd start things up.  Please help!  I'm desperate.  I get what 
you're trying to do with systemd and I support it and I have to say for 
a first release of it, it seems well designed and thought out.  I'm 
impressed with it's flexibility.  However, I quite literally ***cannot 
find a way to make this work*** when it just "worked" before.  What in 
the world do I have to do to have systemd start this process up with 
whatever equivalent rights or permissions it used to have with init and 
whatever it seems to have when run from an interactive shell.



More information about the systemd-devel mailing list