[systemd-devel] process change default scheduler - please help - desperate
JB
general at itpsg.com
Sun Dec 30 17:50:51 PST 2012
Bottom line is I need to give a process started by systemd and any
process started by that process some privileges to chanage scheduler and
other things when it starts. How do I tell systemd to grant these
privileges to one of it's services?
Here's all the detail:
I'm having a really frustrating problem. I have a ruby webrick daemon
that starts up at boot. Previously it always started from init and that
always worked fine right up through fedora 8 on a 2.6.29.9 kernel. Now
I'm running the following:
OS: Fedora Core 15
Kernel: 2.6.38.8 64-bit with RTAI patches
SELinux is disabled
I did manage to get the thing to start using the following service file:
*********** BEGIN webrickd.service ************
[Unit]
Description=Configuration ruby webrick daemon
After=network.target
[Service]
Type=forking
WorkingDirectory=/home/rtuser/app/bin
PIDFile=/home/rtuser/app/data/logs/webrickd.pid
ExecStartPre=/home/rtuser/app/system/scripts/preStart.sh
ExecStart=/home/rtuser/app/bin/webrickd.rb -d -p
/home/rtuser/app/data/logs/webrickd.pid
StandardOutput=null
StandardError=null
User=rtuser
Group=rtuser
[Install]
WantedBy=multi-user.target
*********** END webrickd.service *************
This webrick daemon upon receiving a specific web service call uses
"exec" to start another process called appcore which is a compiled C
application. appcore runs real-time and consequently uses a call to
sched_setscheduler() to change it's scheduling from the default. Sample
code for reproduction is below:
*********** BEGIN appcore.c *************
#include <stdio.h>
#include <errno.h>
#include <sched.h>
int main(int argc, char *argv[])
{
struct sched_param mysched;
errno = 0;
mysched.sched_priority = sched_get_priority_max(SCHED_FIFO) - 1;
if( sched_setscheduler( 0, SCHED_FIFO, &mysched ) == -1 ) {
puts("appcore: ERROR IN SETTING THE SCHEDULER");
perror("errno");
return 1;
} // end
if
return 0;
}
************** END appcore.c **************
compile with gcc -o appcore appcore.c
Running the above program will work with a normally created unprivileged
user account but only when logged in with a PAM session using an
interactive shell. As soon as I try to start this up from anything that
is started by systemd, it yields an "Operation not permitted" error. I
realize there are other ways to specify what scheduling service a
process should have in the above systemd configuration file, but that
does not solve my problem. Even without this call, the RTAI extensions
I use which use a call to rtai_task_init() also apparently require this
same privilege (or one like it) because it too fails with "Operation not
permitted" so even if I tell systemd to give the ruby webrickdaemon
SCHED_FIFO priority and I can somehow get that inherited to appcore, I
will still have the same problem, because there is no way for systemd to
create a real-time task using the RTAI extensions for me before my
program starts. I've tried all the following (and their combinations)
without success:
LimitCPU=infinity
LimitFSIZE=infinity
LimitDATA=infinity
LimitSTACK=infinity
LimitCORE=infinity
LimitRSS=infinity
#LimitNOFILES=infinity # using any variety of this fails no matter what
LimitAS=infinity
LimitNPROC=infinity
LimitMEMLOCK=infinity
LimitLOCKS=infinity
LimitSIGPENDING=infinity
LimitMSGQUEUE=infinity
LimitNICE=infinity
LimitRTPRIO=infinity
LimitRTTIME=infinity
CapabilityBoundingSet=~CAP_SYS_PTRACE
PAMName=appcore
Modifications to /etc/security/limits.conf of course don't really help
because it works fine under a shell without any modifications and that
stuff all gets bypassed with init processes starting even when you
specify User and Group. I've tried using sudo (won't even start it) to
try to get a PAM session as though it were a login, I've tried setuid
without success, I've tried everything I can think of but absolutely
everything works when run from an interactive shell and absolutely
nothing works, all I get is "Operation not permitted" anytime I let
systemd start things up. Please help! I'm desperate. I get what
you're trying to do with systemd and I support it and I have to say for
a first release of it, it seems well designed and thought out. I'm
impressed with it's flexibility. However, I quite literally ***cannot
find a way to make this work*** when it just "worked" before. What in
the world do I have to do to have systemd start this process up with
whatever equivalent rights or permissions it used to have with init and
whatever it seems to have when run from an interactive shell.
More information about the systemd-devel
mailing list