On 2016-09-28 19:32, Petr Fischer wrote:
> Hello,
> 
> I need to run some Smalltalk VM (Linux binary) that uses a thread with higher 
> priority for something like a "heartbeat", and when I run this binary (VM) as 
> a regular user, this error occurs:
> 
> pthread_setschedparam failed: Operation not permitted
> 
> When I run it with "sudo" (as root user), everything is OK.
> 
> So I thought, OK, if it needs root access, it's a security risk and I will 
> run it in an isolated jail (created by ezjail)! But there is another problem: 
> in a jail, it does not work even with root permissions (sudo, root user 
> inside the jail); this error occurs again:
> 
> pthread_setschedparam failed: Operation not permitted
> 
> Can I do something about this situation? I listed all sysctl vars, but found 
> nothing interesting; there is, for example, "security.bsd.unprivileged_idprio", 
> but that is for idle priority, not realtime priority (I have not found 
> anything like *.rtprio).
> 
> Any ideas please? Thanks! pf
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
> 

This is expected. A regular user cannot set a negative priority, or
renice a process to a 'lower' nice level (higher priority) than it was
started with. Even root in jails cannot do this (basically jails are
restricted the same as a regular unprivileged user on the host).

This prevents a user, or a malicious jail, from setting a process to
high priority and starving the rest of the processes.

Your best bet might be to run the other processes with a higher nice
level, and leave the heartbeat process at the default priority. This can
be done as a regular user.

-- 
Allan Jude
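
The fallback suggested in the reply above, as an added example that is not part of the original thread and is not code from the VM in question: the program asks for real-time scheduling, treats the refusal as non-fatal, and lets background work raise its own nice value instead. The helper names and the "worker" argument are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

/* Hypothetical helper: request the lowest SCHED_FIFO priority for the
 * calling thread. Returns 0 on success or the error number (EPERM for
 * an unprivileged user and, per the reply above, for root in a jail). */
static int request_heartbeat_priority(void)
{
    struct sched_param sp;
    memset(&sp, 0, sizeof sp);
    sp.sched_priority = sched_get_priority_min(SCHED_FIFO);
    return pthread_setschedparam(pthread_self(), SCHED_FIFO, &sp);
}

/* Hypothetical helper: raise the caller's nice value by delta (lower
 * its priority), which needs no privilege. Stores the resulting nice
 * value in *new_nice; returns 0 or the error number. */
static int lower_own_priority(int delta, int *new_nice)
{
    errno = 0;
    int cur = getpriority(PRIO_PROCESS, 0);   /* -1 is a valid nice value */
    if (cur == -1 && errno != 0)
        return errno;
    if (setpriority(PRIO_PROCESS, 0, cur + delta) != 0)
        return errno;
    errno = 0;
    *new_nice = getpriority(PRIO_PROCESS, 0); /* the kernel may clamp it */
    return (*new_nice == -1 && errno != 0) ? errno : 0;
}

int main(int argc, char **argv)
{
    if (argc > 1 && strcmp(argv[1], "worker") == 0) {
        /* Background role: step out of the heartbeat's way. */
        int nice_now = 0;
        int rc = lower_own_priority(10, &nice_now);
        if (rc != 0)
            fprintf(stderr, "worker: %s\n", strerror(rc));
        else
            printf("worker: running at nice %d\n", nice_now);
        return rc != 0;
    }
    /* Heartbeat role: a refused request is a warning, not a fatal error. */
    int rc = request_heartbeat_priority();
    if (rc != 0)
        fprintf(stderr, "heartbeat: %s, staying at default priority\n", strerror(rc));
    return 0;
}
```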
