Quoting Peter Steele (pwste...@gmail.com):
> I have a privileged container that runs ctdb and needs to have real
> time scheduling enabled. The error reported by ctdb is:
>
> Sep 05 10:27:05 pws-01-vm-05 systemd[1]: Starting CTDB...
> Sep 05 10:27:06 pws-01-vm-05 ctdbd[1598]: CTDB starting on node
> Sep 05 10:27:06 pws-01-vm-05 ctdbd[1599]: Starting CTDBD (Version
> 2.5.4) as PID: 1599
> Sep 05 10:27:06 pws-01-vm-05 ctdbd[1599]: Created PID file
> /run/ctdb/ctdbd.pid
> Sep 05 10:27:06 pws-01-vm-05 ctdbd[1599]: Unable to set scheduler to
> SCHED_FIFO (Operation not permitted)
> Sep 05 10:27:06 pws-01-vm-05 ctdbd[1599]: CTDB daemon shutting down
>
> Apparently, my container is dropping the sys_nice capability which
> is needed for real time scheduling. I thought I could just add the
> line
>
> lxc.cap.keep = sys_nice
>
> but this has the side effect of dropping all capabilities except
> this one so that just made things worse. What is the correct way to
> enable a specific capability for a container?

You shouldn't need to do anything other than make sure that sys_nice
isn't in any lxc.cap.drop line. You can use 'capsh --print' to verify
that you have the cap.

> I'm running CentOS 7 and am using a custom template. My config is
> pretty basic with just the following parameters defined:
>
> lxc.tty = 4
> lxc.pts = 1024
> lxc.utsname = test
> lxc.network.type = veth
> lxc.network.flags = up
> lxc.network.link = br0
> lxc.network.veth.pair = veth-test
> lxc.network.hwaddr = 00:16:3e:16:ef:32
> lxc.rootfs = /lxc/test

Is this the config you passed to lxc-create, or the full final
configuration?
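
The two checks from the reply in scripted form, as an added example that is not part of the original thread: one function reads the lxc.cap.drop and lxc.cap.keep lines of a config, the other tests a capability bit in a CapEff mask from /proc/<pid>/status. The function names are made up for this example, the sample config lines are constructed, and bit 23 is CAP_SYS_NICE in <linux/capability.h>.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
CAP_SYS_NICE_BIT=23   # CAP_SYS_NICE in <linux/capability.h>

# cap_config_verdict FILE CAP: print "dropped" or "kept" for CAP (e.g. sys_nice).
# FILE may be "-" for stdin. lxc.include files are not followed, so run it on
# every file that makes up the final configuration.
cap_config_verdict() {
    awk -v cap="$2" '
        /^[ \t]*lxc\.cap\.(drop|keep)[ \t]*=/ {
            is_drop = ($0 ~ /cap\.drop/)
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            if ($0 == "") {   # empty value clears the list, per lxc.container.conf(5)
                if (is_drop) split("", drop); else { split("", keep); nkeep = 0 }
                next
            }
            n = split($0, names, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (is_drop) drop[names[i]] = 1
                else { keep[names[i]] = 1; nkeep++ }
            }
        }
        END {
            # Any keep line drops every capability that is not listed in it.
            if ((cap in drop) || (nkeep > 0 && !(cap in keep))) print "dropped"
            else print "kept"
        }' "$1"
}

# cap_in_mask HEXMASK BIT: succeed if BIT is set in a CapEff/CapBnd hex mask.
cap_in_mask() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Constructed sample: the keep line tried in the question, checked for another cap.
printf 'sys_admin with "lxc.cap.keep = sys_nice": %s\n' \
    "$(printf 'lxc.cap.keep = sys_nice\n' | cap_config_verdict - sys_admin)"

# Live check of the current process, meant to be run inside the container.
mask=$(awk '/^CapEff:/ { print $2 }' /proc/self/status 2>/dev/null)
if [ -n "$mask" ] && cap_in_mask "$mask" "$CAP_SYS_NICE_BIT"; then
    echo "CAP_SYS_NICE is in the effective set ($mask)"
else
    echo "CAP_SYS_NICE is NOT in the effective set (${mask:-no /proc})"
fi
```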