[systemd-devel] systemd-nspawn: Failed at step SETSCHEDULER spawning /opt/freeswitch/bin/freeswitch: Operation not permitted

[Lennart Poettering]

On Fr, 29.05.20 00:31, Nuno Reis (nreis at wavecom.pt) wrote:

> > I've noticed that if I give the same CPUScheduling options to the
> > 'systemd-nspawn@<MACHINE_NAME>'.service service on the Fedora 32 hosting
> > system I don't have the following error anymore in the container:
> > Failed at step SETSCHEDULER spawning /opt/freeswitch/bin/freeswitch:
> > Operation not permitted
> >
> > The only error that remains is the:
> >
> > Failed at step IOPRIO spawning /opt/freeswitch/bin/freeswitch: Operation
> > not permitted
> >
> What is the best way to have this options set the right way and make
> everything work as expected inside the nspawn container?

How do you set up your nspawn container? Do you use userns?

rt sched is a privileged operation, but RLIMIT_RTPRIO can open it up
for unpriv processes. But that rlimit only affects the CPU scheduler,
not the IO scheduler.

Also, you need to turn off RT group sched in the kernel, as otherweise
the CPU cgroup controller will disallowe rt sched all the way down the
tree unless an rt budget is configured for each cgroup in the tree.

Lennart

--
Lennart Poettering, Berlin