http://www.freedesktop.org/software/systemd/man/systemd.exec.html there are a lot of Scheduling options
Am 31.12.2012 02:50, schrieb JB:
>
> Bottom line is I need to give a process started by systemd and any process
> started by that process some privileges
> to chanage scheduler and other things when it starts. How do I tell systemd
> to grant these privileges to one of
> it's services?
>
> Here's all the detail:
>
> I'm having a really frustrating problem. I have a ruby webrick daemon that
> starts up at boot. Previously it
> always started from init and that always worked fine right up through fedora
> 8 on a 2.6.29.9 kernel. Now I'm
> running the following:
> OS: Fedora Core 15
> Kernel: 2.6.38.8 64-bit with RTAI patches
> SELinux is disabled
>
> I did manage to get the thing to start using the following service file:
> *********** BEGIN webrickd.service ************
> [Unit]
> Description=Configuration ruby webrick daemon
> After=network.target
>
> [Service]
> Type=forking
> WorkingDirectory=/home/rtuser/app/bin
> PIDFile=/home/rtuser/app/data/logs/webrickd.pid
> ExecStartPre=/home/rtuser/app/system/scripts/preStart.sh
> ExecStart=/home/rtuser/app/bin/webrickd.rb -d -p
> /home/rtuser/app/data/logs/webrickd.pid
> StandardOutput=null
> StandardError=null
> User=rtuser
> Group=rtuser
>
> [Install]
> WantedBy=multi-user.target
> *********** END webrickd.service *************
>
> This webrick daemon upon receiving a specific web service call uses "exec" to
> start another process called appcore
> which is a compiled C application. appcore runs real-time and consequently
> uses a call to sched_setscheduler() to
> change it's scheduling from the default. Sample code for reproduction is
> below:
>
> *********** BEGIN appcore.c *************
> #include <stdio.h>
> #include <errno.h>
> #include <sched.h>
>
> int main(int argc, char *argv[])
> {
> struct sched_param mysched;
>
> errno = 0;
> mysched.sched_priority = sched_get_priority_max(SCHED_FIFO) - 1;
> if( sched_setscheduler( 0, SCHED_FIFO, &mysched ) == -1 ) {
> puts("appcore: ERROR IN SETTING THE SCHEDULER");
> perror("errno");
> return 1;
> } // end
> if
>
>
>
> return 0;
> }
> ************** END appcore.c **************
>
> compile with gcc -o appcore appcore.c
>
> Running the above program will work with a normally created unprivileged user
> account but only when logged in with
> a PAM session using an interactive shell. As soon as I try to start this up
> from anything that is started by
> systemd, it yields an "Operation not permitted" error. I realize there are
> other ways to specify what scheduling
> service a process should have in the above systemd configuration file, but
> that does not solve my problem. Even
> without this call, the RTAI extensions I use which use a call to
> rtai_task_init() also apparently require this same
> privilege (or one like it) because it too fails with "Operation not
> permitted" so even if I tell systemd to give
> the ruby webrickdaemon SCHED_FIFO priority and I can somehow get that
> inherited to appcore, I will still have the
> same problem, because there is no way for systemd to create a real-time task
> using the RTAI extensions for me
> before my program starts. I've tried all the following (and their
> combinations) without success:
>
> LimitCPU=infinity
> LimitFSIZE=infinity
> LimitDATA=infinity
> LimitSTACK=infinity
> LimitCORE=infinity
> LimitRSS=infinity
> #LimitNOFILES=infinity # using any variety of this fails no matter what
> LimitAS=infinity
> LimitNPROC=infinity
> LimitMEMLOCK=infinity
> LimitLOCKS=infinity
> LimitSIGPENDING=infinity
> LimitMSGQUEUE=infinity
> LimitNICE=infinity
> LimitRTPRIO=infinity
> LimitRTTIME=infinity
> CapabilityBoundingSet=~CAP_SYS_PTRACE
> PAMName=appcore
>
> Modifications to /etc/security/limits.conf of course don't really help
> because it works fine under a shell without
> any modifications and that stuff all gets bypassed with init processes
> starting even when you specify User and
> Group. I've tried using sudo (won't even start it) to try to get a PAM
> session as though it were a login, I've
> tried setuid without success, I've tried everything I can think of but
> absolutely everything works when run from an
> interactive shell and absolutely nothing works, all I get is "Operation not
> permitted" anytime I let systemd start
> things up. Please help! I'm desperate. I get what you're trying to do with
> systemd and I support it and I have
> to say for a first release of it, it seems well designed and thought out.
> I'm impressed with it's flexibility.
> However, I quite literally ***cannot find a way to make this work*** when it
> just "worked" before. What in the
> world do I have to do to have systemd start this process up with whatever
> equivalent rights or permissions it used
> to have with init and whatever it seems to have when run from an interactive
> shell.
>
> _______________________________________________
> systemd-devel mailing list
> [email protected]
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/
http://www.thelounge.net/signature.asc.what.htm
signature.asc
Description: OpenPGP digital signature
_______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
