# Linux compatibility layer - ulimit - pthread_setschedparam failed: Operation not permitted



## Petr Fischer (Sep 14, 2016)

Hello, I need to run some smalltalk VM, that uses thread for "heartbeat", and when I run this binary (VM), this error occurs:

```
pthread_setschedparam failed: Operation not permitted
```

Advice from VM developers are (this is advice for Linux!):

1) add file to dir /etc/security/limits.d/ with this contents:

```
*       hard    rtprio  2
*       soft    rtprio  2
```

2) Then use (in bash script):

```
ulimit -r 2
```
and run the VM

But how can I setup this things (1)+(2) on FreeBSD? There is no ulimit -r parameter, and no /etc/security dir.


----------



## Juha Nurmela (Sep 14, 2016)

The error sounds like it tries to do something that's only possible for root.
Do you really need to change the system defaults ?
Do you know rtprio(1) ? Like `rtprio 2 prog args`

Knowing nothing about the issue,
Juha


----------



## Petr Fischer (Sep 15, 2016)

Yes, some threads in smalltalk VM need higher (realtime) priority and it's not possible for normal user (only root). rtprio is right tool for changing priority, but it's also possible for root only (and not configurable, right?).
I want to run VM process as normal user (not root, due to security).
I can set `sysctl security.bsd.unprivileged_idprio=1`, for idprio tool, but I can't set something  similar for rtptio.

It looks like in Linux, I can set this higher/realtime priorities only for one executable/binary, not possible in FreeBSD, right?


----------



## fossette (Sep 15, 2016)

Not the ideal solution, but perhaps you could reduce the priority of all processes that are in the way of your VM using renice(8) as a normal user.  There are lots of running processes, but not all of them are CPU intensive.

Dominique.


----------



## Petr Fischer (Sep 16, 2016)

fossette - I can't use renice, because smalltalk VM process quit with permission error right after start.

Quick and dirty solution for my problem IMHO is: run the smalltalk VM process under root in isolated jail.


----------



## tobik@ (Sep 16, 2016)

rtprio(2) says that 





> Realtime and idle priority is inherited through fork() and exec().


 So maybe switching users via e.g. `rtprio 2 sudo -u user prog args` would work?


----------



## Petr Fischer (Sep 16, 2016)

tobik - Unfortunately, it does not work (Operation not permitted, again). Maybe priority is not propagated...


----------



## tobik@ (Sep 16, 2016)

Petr Fischer said:


> tobik - Unfortunately, it does not work (Operation not permitted, again). Maybe priority is not propagated...


Hmm, you'd still need to run `rtprio` as root: `sudo rtprio 2 sudo -u user prog args`

I just mean that you should be able to drop to a regular user account afterwards.


----------



## Petr Fischer (Sep 16, 2016)

tobik - yes, I tried with 2x sudo and directly under root - it seems that priorities are not propagated via second sudo


----------



## Petr Fischer (Sep 28, 2016)

Ohhh nooo again please - so, as it is written above, I can solve my problem with running VM under root, so if VM want to create thread with realtime priority, everything is OK.

But, if I want to isolate this thing in jail (for security, VM is runnign under root) - there is a problem, even if I run VM via sudo, I got error:

```
pthread_setschedparam failed: Operation not permitted
```

So it looks like in a jail, I have no permissions for realtime prio threads even under root user (jail root user). 
rtprio command is for processes, not jails 

Any ideas please?


----------

