I have Freeswitch (VoIP/PBX) in an unprivileged container. It tries by itself to raise it’s process priority but fails. I already assigned some caps via guest shell to the binary like SYS_CAP_NICE but wasn’t successful so far.
Do i need to explicitly grant it in lxd config first?
Is it even possible to raise process and i/o priority from inside the container or do i have to do it manually from outside/host?
That’s most likely because you’re running the container unprivileged. An unprivileged container cannot raise its process priority higher than what a normal user can.
If this is a blocker in this case, then you may need to make the container privileged (security.privileged=true) which will then let you run code as real root in the container, allowing you to increase the process priority.
Ok, thanks. I will try to set it from the host then.
I want to keep it unprivileged as it might talk to the outside one day.
Actually, it does work from within an unprivileged container:
$ (chrt -f 10 sleep 1 &) && (ps ax --format uname,pid,ppid,tty,cmd,cls,pri,rtprio)
USER PID PPID TT CMD CLS PRI RTPRIO
fusion 633 1 pts/4 sleep 1 FF 50 10
fusion 634 556 pts/4 ps ax --format uname,pid,pp TS 19 -
It needs lxc.prlimit.rtprio = 90 explicitly set though (here). Not sure why it is not inherited.
https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html#lbAZ