Hi all,
I’m running an application that requires realtime scheduling, so I wanted to add sys_nice to my caps to allow it.
Alas, when I add it, sshd fails to spawn!
Here’s my config:
lxc.uts.name=vsa-1
lxc.net.0.type=veth
lxc.net.0.name=eth1
lxc.net.0.flags=up
lxc.net.0.link=emanenode0
lxc.net.0.hwaddr=02:00:01:01:00:01
lxc.net.0.ipv4.address=172.99.0.1/23
lxc.net.0.veth.pair=v-vsa-1.1
lxc.net.1.type=veth
lxc.net.1.name=eth2
lxc.net.1.hwaddr=02:00:01:02:00:01
lxc.net.1.veth.pair=v-vsa-1.2
;lxc.net.2.type = empty
;lxc.net.2.flags=up
lxc.console.path = none
lxc.tty.max = 1
lxc.pty.max = 128
lxc.cgroup.devices.allow = a
lxc.mount.auto = proc sys cgroup
lxc.cap.keep = sys_nice sys_time
lxc.autodev = 1
lxc.hook.autodev = /tmp/e03a162b-88a2-4198-91f7-5d48cab24bce/persist/vsa-1/var/run/lxc.hook.autodev.sh
lxc.apparmor.profile = unconfined
lxc.mount.entry = /tmp/e03a162b-88a2-4198-91f7-5d48cab24bce/persist/vsa-1/var /var none rw,bind 0 0
lxc.mount.entry = /tmp/e03a162b-88a2-4198-91f7-5d48cab24bce/persist/vsa-1/etc/hosts /etc/hosts none ro,bind 0 0
lxc.mount.entry = /tmp/e03a162b-88a2-4198-91f7-5d48cab24bce/persist/vsa-1/var/log /log none rw,bind 0 0
lxc logs:
lxc-execute vsa-1 20200526105150.438 ERROR cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1143 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.monitor.vsa-1"
lxc-execute vsa-1 20200526105150.439 ERROR cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1143 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.payload.vsa-1"
(which I believe is “expected”?)
and sshd reports:
Bind to port 22 on 0.0.0.0 failed: Permission denied.
Bind to port 22 on :: failed: Permission denied.
Cannot bind any address.
If I comment out the lxc.cap.keep line, it works fine, but the application I run when I ssh in can’t get realtime!
Any ideas?
thanks,
Andreas
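
An added example, not part of the original post: `lxc.cap.keep` drops every capability it does not list, so the script below computes the mask that the keep line in the config above produces and reports which capabilities from a given set are no longer present. The helper names and the `SSHD_CAPS` list are assumptions made for illustration; `net_bind_service` is the capability needed to bind a port below 1024 such as 22.

```shell
#!/bin/sh
# Added example: which capabilities does an lxc.cap.keep line leave out?
cap_bit() {  # bit numbers are the CAP_* values from linux/capability.h
  case "$1" in
    chown) echo 0 ;;
    setgid) echo 6 ;;
    setuid) echo 7 ;;
    net_bind_service) echo 10 ;;
    sys_chroot) echo 18 ;;
    sys_nice) echo 23 ;;
    sys_time) echo 25 ;;
    *) echo "unknown capability: $1" >&2; return 1 ;;
  esac
}

# Read a container config on stdin and print every lxc.cap.keep value.
kept_caps() {
  sed -n 's/^[[:space:]]*lxc\.cap\.keep[[:space:]]*=[[:space:]]*//p' | tr '\n' ' '
}

# Hex mask (same layout as CapBnd in /proc/PID/status) for a keep list.
keep_mask() {
  mask=0
  for name in $1; do
    bit=$(cap_bit "$name") || return 1
    mask=$(( mask | (1 << bit) ))
  done
  printf '%016x\n' "$mask"
}

# Print the names in list $2 whose bit is clear in hex mask $1.
missing_caps() {
  mask=$(( 0x$1 )); out=""
  for name in $2; do
    bit=$(cap_bit "$name") || return 1
    [ $(( mask & (1 << bit) )) -ne 0 ] || out="$out$name "
  done
  echo "${out% }"
}

# Constructed input: excerpt of the config quoted in the post.
SAMPLE_CONFIG='lxc.mount.auto = proc sys cgroup
lxc.cap.keep = sys_nice sys_time
lxc.autodev = 1'
# Assumption (not from the post): capabilities a root sshd commonly uses.
SSHD_CAPS="net_bind_service setuid setgid sys_chroot chown"
SAMPLE_MASK=$(keep_mask "$(printf '%s\n' "$SAMPLE_CONFIG" | kept_caps)")
echo "mask after lxc.cap.keep: $SAMPLE_MASK"
echo "not kept, used by sshd:  $(missing_caps "$SAMPLE_MASK" "$SSHD_CAPS")"
```

The printed mask can be compared with the `CapBnd` line of `/proc/self/status` read inside the running container.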