How do I configure LXC to allow the use of SCHED_RR in a container?

Henk asked:

Any ideas on how I can configure LXC/cgroups, to allow the use of SCHED_RR for applications in a container?

On the internet I have seen mention of unmounting the cpu-cgroup, I have tried that, manually (running umount on the cpu cgroup) that did not seem to help.

Any ideas of how I persistently unmount a cgroup? On Fedora 20.

Is unmounting, the cpu cgroup, the correct method for allowing container applications to use the SCHED_RR?


My answer:

Remember that typically LXC containers drop capabilities on startup. You need to, at least, allow CAP_SYS_NICE in the container. This capability allows for calling sched_setscheduler() which is the call you need to set SCHED_RR.

An example for reference LXC configuration:

lxc.cap.keep = sys_nice

And of course your applications must also have CAP_SYS_NICE (or be run as root, in which case they already will).

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.