How to set higher guest process priority?

I have Freeswitch (VoIP/PBX) in an unprivileged container. It tries by itself to raise it’s process priority but fails. I already assigned some caps via guest shell to the binary like SYS_CAP_NICE but wasn’t successful so far.

Do i need to explicitly grant it in lxd config first?
Is it even possible to raise process and i/o priority from inside the container or do i have to do it manually from outside/host?

That’s most likely because you’re running the container unprivileged. An unprivileged container cannot raise its process priority higher than what a normal user can.

If this is a blocker in this case, then you may need to make the container privileged (security.privileged=true) which will then let you run code as real root in the container, allowing you to increase the process priority.

Ok, thanks. I will try to set it from the host then.
I want to keep it unprivileged as it might talk to the outside one day.

Actually, it does work from within an unprivileged container:

$ (chrt -f 10 sleep 1 &) && (ps ax --format uname,pid,ppid,tty,cmd,cls,pri,rtprio)
USER       PID  PPID TT       CMD                         CLS PRI RTPRIO
fusion     633     1 pts/4    sleep 1                      FF  50     10
fusion     634   556 pts/4    ps ax --format uname,pid,pp  TS  19      -

It needs lxc.prlimit.rtprio = 90 explicitly set though (here). Not sure why it is not inherited.