From owner-freebsd-jail@freebsd.org Wed Sep 28 23:32:30 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6EF29C01417 for ; Wed, 28 Sep 2016 23:32:30 +0000 (UTC) (envelope-from petr.fischer@me.com) Received: from pv33p00im-asmtp002.me.com (pv33p00im-asmtp002.me.com [17.142.194.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5537C1E1E for ; Wed, 28 Sep 2016 23:32:30 +0000 (UTC) (envelope-from petr.fischer@me.com) Received: from process-dkim-sign-daemon.pv33p00im-asmtp002.me.com by pv33p00im-asmtp002.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) id <0OE800K00L9K1U00@pv33p00im-asmtp002.me.com> for freebsd-jail@freebsd.org; Wed, 28 Sep 2016 23:32:29 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=me.com; s=4d515a; t=1475105549; bh=OnFPG8shp3hE8irTXEWkZsAQGL/wWMKV/GNRfNdDWIM=; h=Date:From:To:Subject:Message-id:MIME-version:Content-type; b=qSTRhA8ZsO/YVXQ8tZHq4xDl1TWujoRtvQk5Wh8uIO8ojO4LKY0I3amxmtJ54/3sY eaIlNBf+sDTpdITGffxzoCrwFX1QXV+o5ztv5NCHpLPSxWapsyACltFMB0XsV+9QMw n/ilrLoL8GJb5nEdipVYmKV9YD18gmixFnvyZjTde//KGMQ2ceQkNo11wXa+MRjCQe J/ItY9xDRqZ6Wmw0yx7Fa3+2zeKps4eVA058PG4O0vybKhJrvSZlEOQIUQKsTYaF86 WzrELGiYnXO1kX5J9LZKmvkjRdTHgbjv6w40oBJToRdCI4BOr/2vkkxMk5/5IXYFGK jO+vhNtmH9nFg== Received: from localhost (109.2.broadband2.iol.cz [83.208.2.109]) by pv33p00im-asmtp002.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) with ESMTPSA id <0OE800IS4MQ0G600@pv33p00im-asmtp002.me.com> for freebsd-jail@freebsd.org; Wed, 28 Sep 2016 23:32:26 +0000 (GMT) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2016-09-28_13:,, signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 clxscore=1034 suspectscore=1 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1603290000 definitions=main-1609280410 Date: Thu, 29 Sep 2016 01:32:22 +0200 From: Petr Fischer To: freebsd-jail@freebsd.org Subject: Linux compatibility layer - ulimit - pthread_setschedparam failed: Operation not permitted Message-id: <20160928233222.GH57400@pf-bsd.local> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-disposition: inline User-Agent: Mutt/1.6.1 (2016-04-27) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Sep 2016 23:32:30 -0000 Hello, I need to run some smalltalk VM (linux binary), that uses thread with higher priority for something like "heartbeat", and when I run this binary (VM) as regular user, this error occurs: pthread_setschedparam failed: Operation not permitted When I run it with "sudo" (as root user), everything is OK. So I thought, OK, if it needs root access, it's a security risk and I will run it in isolated jail (created by ezjail)! But, there is another problem - in a jail, it does not work even with root permissions (sudo, root user inside jail), this error again: pthread_setschedparam failed: Operation not permitted Can I do something with this situation, I listed all sysctl vars, but nothing interesting, there is for example "security.bsd.unprivileged_idprio", but that is for idle priority, not realtime priority (not found something like *.rtprio). Any ideas please? Thanks! pf