It looks like the kernel is gating this on having CAP_SYS_NICE in the initial user namespace.
-serge

On Mon, Apr 01, 2019 at 04:10:57PM -0500, Mark Paterson wrote:
> Any answer on this?
> I'm running lxc from snap, on Ubuntu 16.04. We have a couple of big
> applications at work that I'd like to run in lxc, but only if there is a
> way to make elevated privileges work.
>
> On Wed, Mar 20, 2019 at 2:00 PM Mark Paterson <markpat...@gmail.com> wrote:
>
> > Hi all!
> > I am trying to run as a non-root user an application in a privileged
> > container that requires setting elevated thread priority. From within the
> > container, elevating priority works if I use sudo, so I can tell that the
> > container is not dropping capabilities. The non-root user is set up in
> > /etc/security/limits.d for rtprio, and is mapped via raw.idmap to a host
> > user with equivalent privileges that work on the host side.
> >
> > However, if I try in the container to chrt a process to a higher priority,
> > I get "Operation not permitted." What am I missing?
> >
> > Thanks!
> >
> > Mark
> >
> _______________________________________________
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
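
A way to check the two facts the reply above turns on, added here as an example that is not part of the original thread: whether a process has CAP_SYS_NICE in its effective set, and whether it is running under a mapped (non-initial) user namespace. The function names and sample inputs are constructed for illustration, and treating any uid_map other than the full identity map as a child namespace is a heuristic assumption.

```python
CAP_SYS_NICE = 23                   # bit number from linux/capability.h
IDENTITY_MAP = (0, 0, 4294967295)   # uid_map row seen in the initial user namespace

def effective_caps(status_text):
    """Return the CapEff bitmask from /proc/<pid>/status content."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")

def in_mapped_userns(uid_map_text):
    """Heuristic: anything but the single full identity row means a child user namespace."""
    rows = [tuple(int(f) for f in line.split())
            for line in uid_map_text.splitlines() if line.strip()]
    return rows != [IDENTITY_MAP]

def diagnose(status_text, uid_map_text):
    """Summarise where (if anywhere) the process holds CAP_SYS_NICE."""
    has_nice = bool((effective_caps(status_text) >> CAP_SYS_NICE) & 1)
    mapped = in_mapped_userns(uid_map_text)
    if has_nice and not mapped:
        return "CAP_SYS_NICE held in the initial user namespace"
    if has_nice and mapped:
        return "CAP_SYS_NICE held, but only inside a child user namespace"
    return "CAP_SYS_NICE not in the effective set"

# Constructed sample inputs (not captured from any real system).
SAMPLE_ROOT_STATUS = "Name:\tbash\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
SAMPLE_USER_STATUS = "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"
SAMPLE_HOST_MAP = "         0          0 4294967295\n"
SAMPLE_CONTAINER_MAP = "         0    1000000 1000000000\n"

if __name__ == "__main__":
    import resource
    # Run inside the container as the user that gets "Operation not permitted".
    with open("/proc/self/status") as s, open("/proc/self/uid_map") as m:
        print(diagnose(s.read(), m.read()))
    print("RLIMIT_RTPRIO (soft, hard):", resource.getrlimit(resource.RLIMIT_RTPRIO))
```

Running it once as the non-root user and once under sudo inside the container shows which of the three cases each invocation falls into, alongside the rtprio limit that limits.d is expected to set.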