Configuration of real time scheduler does not work

[jaayala]

• [x] This is a bug report
• [ ] This is a feature request
• [x] I searched existing issues before opening this one

Actual behavior

docker: Error response from daemon: Your kernel does not support cgroup cpu real-time runtime.

Steps to reproduce the behavior

docker run --rm -it --cap-add=sys_nice --cpu-rt-runtime=500000 --ulimit rtprio=99 --privileged srs

Output of docker version:

Client:
 Version:   17.12.1-ce
 API version:   1.35
 Go version:    go1.10.1
 Git commit:    7390fc6
 Built: Wed Apr 18 01:23:11 2018
 OS/Arch:   linux/amd64

Server:
 Engine:
  Version:  17.12.1-ce
  API version:  1.35 (minimum version 1.12)
  Go version:   go1.10.1
  Git commit:   7390fc6
  Built:    Wed Feb 28 17:46:05 2018
  OS/Arch:  linux/amd64
  Experimental: false

Output of docker info:

Containers: 5
 Running: 0
 Paused: 0
 Stopped: 5
Images: 10
Server Version: 17.12.1-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9b55aab90508bd389d7654c4baf173a981477d55
runc version: 9f9c96235cc97674e935002fc3d78361b696a69e
init version: v0.13.0 (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.16.12-rt5-klue-rt
Operating System: Ubuntu 18.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 15.51GiB
Name: ubuntumini
ID: IK6U:CORC:T5CU:7AIX:WOYW:ASKC:VE35:DUP5:JF4C:MMWF:MJPY:HBWZ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Additional environment details (AWS, VirtualBox, physical, etc.) Distributor ID: Ubuntu Description: Ubuntu 18.04.1 LTS Release: 18.04 Codename: bionic

uname -mvrs Linux 4.16.12-rt5-klue-rt #2 SMP PREEMPT RT Wed Jun 6 14:55:38 JST 2018 x86_64

[sirzooro]

I have the same problem. It worked on CentOS 7.5, and stopped working when yesterday I upgraded to CentOS 7.6.

I have SELinux disabled in /etc/sysconfig/docker file. Docker service was restarted, and "docker info" does not show selinux in Security Options section.

Here is my Dockerfile:

FROM centos:7
WORKDIR /1
COPY ./rt /1
RUN setcap 'cap_sys_nice=eip' /1/rt
CMD ["/1/rt"]

I run my docker using following command:

docker run --cap-add=sys_nice --security-opt seccomp=unconfined --ulimit rtprio=99 rt-test

I also checked /var/log/audit/audit.log, but did not found any clue there.

[root@localhost 1]# cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core) 
[root@localhost 1]# uname -a
Linux localhost.localdomain 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost 1]# docker version
Client:
 Version:         1.13.1
 API version:     1.26
 Package version: docker-1.13.1-88.git07f3374.el7.centos.x86_64
 Go version:      go1.9.4
 Git commit:      07f3374/1.13.1
 Built:           Fri Dec  7 16:13:51 2018
 OS/Arch:         linux/amd64

Server:
 Version:         1.13.1
 API version:     1.26 (minimum version 1.12)
 Package version: docker-1.13.1-88.git07f3374.el7.centos.x86_64
 Go version:      go1.9.4
 Git commit:      07f3374/1.13.1
 Built:           Fri Dec  7 16:13:51 2018
 OS/Arch:         linux/amd64
 Experimental:    false