Setting sched_setscheduler for SCHED_FIFO in a container. Getting EPERM error. #22380

@transentia

I am trying to run a group of programs (all fairly old, originated in QNX 4/6, then ported to RHEL5/6) in a CentOS container. All call sched_setscheduler(). All fail.

All information I can find on the internet regarding why/what to do is wrong (as far as I can see) or outdated.

There should be some definitive guidance 'somewhere' regarding this.

I have previously posted to https://forums.docker.com/t/centos-based-container-unable-to-sched-setscheduler/9513. This is unanswered, so I thought I'd open it as a full bug report.

For initial development purposes I am working on my OSX El-Capitan Macbook Pro which is running the latest Toolbox 1.11.0. I am also running b2d under parallels 11 pro (fully up-to-date), rather than VirtualBox.

The parallels VM is started from the command line:

Bobs-MacBook-Pro:~ bob$ docker-machine start prl-dev
Bobs-MacBook-Pro:~ bob$ docker-machine env prl-dev
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://10.211.55.11:2376"
export DOCKER_CERT_PATH="/Users/bob/.docker/machine/machines/prl-dev"
export DOCKER_MACHINE_NAME="prl-dev"
# Run this command to configure your shell: 
# eval $(docker-machine env prl-dev)
Bobs-MacBook-Pro:~ bob$ 

Consider the following trivial application:

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <errno.h>
#include <sched.h>
#include <unistd.h>    /* getpid() */

int main(int ac, char *av[]) {
    /*********************\
     * set up scheduling *
    \*********************/

    struct sched_param sched;

    sched.sched_priority = 8;        /* set priority */

    if ( sched_setscheduler(getpid(), SCHED_FIFO, &sched) < 0 )
        fprintf(stderr, "SETSCHEDULER failed - err = %s\n", strerror(errno));
    else
        printf("Priority set to \"%d\"\n", sched.sched_priority);

    exit(0);
}

This fails thusly:

[root@8e1091098444 c]# cc ss.c 
[root@8e1091098444 c]# ./a.out 
SETSCHEDULER failed - err = Operation not permitted

I am uid==0:

[root@8e1091098444 c]# id
uid=0(root) gid=0(root) groups=0(root)

My compiler is the most recent (being freshly installed):

[root@8e1091098444 c]# cc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre --enable-libgcj-multifile --enable-java-maintainer-mode --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib --with-ppl --with-cloog --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) 
[root@8e1091098444 c]# 

Start information:

Bobs-MacBook-Pro:digscan bob$ docker run --rm --privileged --name digscan -p 6688:6688 digscan

Container information:

[root@8e1091098444 c]# cat /etc/issue
CentOS release 6.7 (Final)
Kernel \r on an \m

[root@8e1091098444 c]# uname -a
Linux 8e1091098444 4.1.19-boot2docker #1 SMP Thu Apr 7 02:41:05 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@8e1091098444 c]# ulimit
unlimited
[root@8e1091098444 c]# capsh --print
Current: = cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,34,35,36,37+eip
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,34,35,36,37
Securebits: 00/0x0
 secure-noroot: no (unlocked)
 secure-no-suid-fixup: no (unlocked)
 secure-keep-caps: no (unlocked)
uid=0

Version/Info output for reference:

Bobs-MacBook-Pro:~ bob$ eval $(docker-machine env prl-dev)
Bobs-MacBook-Pro:~ bob$ docker version
Client:
 Version:      1.11.0
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   4dc5990
 Built:        Wed Apr 13 18:13:28 2016
 OS/Arch:      darwin/amd64

Server:
 Version:      1.11.0
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   4dc5990
 Built:        Wed Apr 13 19:36:04 2016
 OS/Arch:      linux/amd64
Bobs-MacBook-Pro:~ bob$ docker info
Containers: 32
 Running: 1
 Paused: 0
 Stopped: 31
Images: 354
Server Version: 1.11.0
Storage Driver: aufs
 Root Dir: /mnt/sda1/var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 311
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: null host bridge
Kernel Version: 4.1.19-boot2docker
Operating System: Boot2Docker 1.11.0 (TCL 7.0); HEAD : 32ee7e9 - Wed Apr 13 20:06:49 UTC 2016
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 5.82 GiB
Name: prl-dev
ID: XZWP:5U7R:PXLY:GLDY:A2MB:AEOP:JKPX:ATZG:TQDM:GSUW:OSFV:RYDH
Docker Root Dir: /mnt/sda1/var/lib/docker
Debug mode (client): false
Debug mode (server): true
 File Descriptors: 22
 Goroutines: 55
 System Time: 2016-04-28T01:33:20.563718565Z
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
 provider=parallels
Bobs-MacBook-Pro:~ bob$ 
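
An added diagnostic, not part of the original report or of Docker's code: it checks the preconditions the kernel applies before granting SCHED_FIFO, namely CAP_SYS_NICE or a sufficient RLIMIT_RTPRIO, and, on kernels built with CONFIG_RT_GROUP_SCHED, a non-zero real-time budget for the task's cgroup. The cgroup v1 path /sys/fs/cgroup/cpu/cpu.rt_runtime_us and the helper names are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

#define CAP_SYS_NICE_BIT 23   /* CAP_SYS_NICE in <linux/capability.h> */
#define RT_FILE_ABSENT  (-2L) /* sentinel: cpu.rt_runtime_us not readable */

/* 1 if the CapEff mask in /proc/<pid>/status text includes CAP_SYS_NICE,
 * 0 if it does not, -1 if there is no CapEff line. */
int capeff_has_sys_nice(const char *status) {
    const char *p = strstr(status, "CapEff:");
    if (!p) return -1;
    return (int)((strtoull(p + 7, NULL, 16) >> CAP_SYS_NICE_BIT) & 1ULL);
}

/* Name the unmet precondition for SCHED_FIFO at priority prio. */
const char *fifo_blocker(int has_nice, unsigned long rtprio_limit,
                         long rt_runtime_us, int prio) {
    if (has_nice != 1 && rtprio_limit < (unsigned long)prio)
        return "no CAP_SYS_NICE and RLIMIT_RTPRIO below requested priority";
    if (rt_runtime_us == 0)
        return "cgroup has no real-time budget (cpu.rt_runtime_us = 0)";
    return "none found";
}

int main(void) {
    char status[8192] = "";
    long rt = RT_FILE_ABSENT;
    struct rlimit rl = {0, 0};
    FILE *f = fopen("/proc/self/status", "r");
    if (f) {
        size_t n = fread(status, 1, sizeof status - 1, f);
        status[n] = '\0';
        fclose(f);
    }
    /* Assumed cgroup v1 path as seen from inside the container. */
    f = fopen("/sys/fs/cgroup/cpu/cpu.rt_runtime_us", "r");
    if (f) {
        if (fscanf(f, "%ld", &rt) != 1) rt = RT_FILE_ABSENT;
        fclose(f);
    }
    getrlimit(RLIMIT_RTPRIO, &rl);
    printf("blocker: %s\n", fifo_blocker(capeff_has_sys_nice(status),
           (unsigned long)rl.rlim_cur, rt, 8));
    return 0;
}
```

The priority 8 passed in main() matches the value the test program in the report requests.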
