I’m trying to get a process to run with realtime scheduling inside a privileged container. Systemd is failing with SETSCHEDULER Operation not permitted.
It’s not directly exposed by LXD at this time. We’d probably want to figure out what direction this particular flag is going towards in cgroup2 before trying to implement it generically as a LXD limit.
That said, you can use raw.lxc for this until then. Setting raw.lxc to lxc.cgroup.cpu.rt_runtime_us=950000 should do the right thing.
In an unprivileged container the following gets me up to systemd failing to set IOPRIO.
limits.kernel.nice: "-20"
limits.kernel.rtprio: "99"
raw.lxc: lxc.cgroup.cpu.rt_runtime_us=950000
cap_sys_nice and cap_sys_admin are enabled for the container for cpu. I’m not seeing anything that jumps out that lets me set ioprio_set().
This is definitely not as big of an issue; I’m just wondering if it can be done unprivileged?
I think you may need access to some of the setprio type syscalls which aren’t normally allowed for unprivileged users.
We have sched_setscheduler interception planned for this cycle; this may be helping with some of that or will at least be a good blueprint of how to intercept whatever else is needed for RT.
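A small probe that can be compiled and run inside the container to see which of the two calls discussed in this thread is refused, and with what errno. This is an added example, not code from the thread or from LXD; the ioprio constants are copied from the kernel ABI because glibc has no ioprio_set() wrapper, and the priority values 1 and 4 are arbitrary test values.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <unistd.h>

/* ioprio ABI constants from the kernel; glibc has no ioprio_set() wrapper. */
#define IOPRIO_CLASS_SHIFT 13
#define IOPRIO_CLASS_RT    1
#define IOPRIO_WHO_PROCESS 1

static int ioprio_value(int cls, int level) {
    return (cls << IOPRIO_CLASS_SHIFT) | level;
}

/* Request SCHED_FIFO at `prio`, then restore the old policy. Returns 0 or errno. */
static int probe_sched_fifo(int prio) {
    struct sched_param old, want = { .sched_priority = prio };
    int old_policy = sched_getscheduler(0);
    if (old_policy < 0 || sched_getparam(0, &old) < 0) return errno;
    if (sched_setscheduler(0, SCHED_FIFO, &want) < 0) return errno;
    sched_setscheduler(0, old_policy, &old);
    return 0;
}

/* Request the realtime I/O class, then restore the old value. Returns 0 or errno. */
static int probe_ioprio_rt(int level) {
    long old = syscall(SYS_ioprio_get, IOPRIO_WHO_PROCESS, 0);
    if (syscall(SYS_ioprio_set, IOPRIO_WHO_PROCESS, 0,
                ioprio_value(IOPRIO_CLASS_RT, level)) < 0) return errno;
    if (old >= 0) syscall(SYS_ioprio_set, IOPRIO_WHO_PROCESS, 0, (int)old);
    return 0;
}

int main(void) {
    struct rlimit rt, ni;
    getrlimit(RLIMIT_RTPRIO, &rt);
    getrlimit(RLIMIT_NICE, &ni);
    printf("RLIMIT_RTPRIO soft=%llu  RLIMIT_NICE soft=%llu\n",
           (unsigned long long)rt.rlim_cur, (unsigned long long)ni.rlim_cur);
    int s = probe_sched_fifo(1);   /* priority 1: arbitrary test value */
    int i = probe_ioprio_rt(4);    /* level 4: arbitrary test value */
    printf("sched_setscheduler(SCHED_FIFO): %s\n", s ? strerror(s) : "ok");
    printf("ioprio_set(IOPRIO_CLASS_RT):    %s\n", i ? strerror(i) : "ok");
    return (s || i) ? 1 : 0;
}
```

Running it once with and once without the limits.kernel.* and raw.lxc settings shows which setting changes which result.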