Any method of running Freeswitch in lxc unprivileged container without disabling IOSchedulingClass=realtime ? Freeswitch fails to start in unprivileged lxc container, ie on proxmox.

[1ionoi1]

Using Proxmox 7.2.3, Freeswitch will run in lxc privileged container. Freeswitch will not run in lxc unprivileged container without commenting out IOSchedulingClass=realtime in /lib/systemd/system/freeswitch.service

How can Freeswitch be run in lxc unprivileged container without changing IOSchedulingClass ?

CT container template debian-11-standard_11.3-1_amd64.tar.zst shows the following output errors:

root@deb11fstest:~# freeswitch -c ERROR: Failed to set SCHED_FIFO scheduler (Operation not permitted)

journalctl -xe

May 22 21:00:32 deb11fstest systemd[1]: Starting freeswitch... -- Subject: A start job for unit freeswitch.service has begun execution -- Defined-By: systemd -- Support: https://www.debian.org/support

-- A start job for unit freeswitch.service has begun execution.

-- The job identifier is 1686. May 22 21:00:32 deb11fstest systemd[125577]: freeswitch.service: Failed to set up CPU scheduling: Operation not permitted May 22 21:00:32 deb11fstest systemd[125577]: freeswitch.service: Failed at step SETSCHEDULER spawning /bin/mkdir: Operation not permitted -- Subject: Process /bin/mkdir could not be executed -- Defined-By: systemd -- Support: https://www.debian.org/support

-- The process /bin/mkdir could not be executed and failed.

-- The error number returned by this process is ERRNO. May 22 21:00:32 deb11fstest systemd[1]: freeswitch.service: Control process exited, code=exited, status=214/SETSCHEDULER -- Subject: Unit process exited -- Defined-By: systemd -- Support: https://www.debian.org/support

-- An ExecStartPre= process belonging to unit freeswitch.service has exited.

-- The process' exit code is 'exited' and its exit status is 214. May 22 21:00:32 deb11fstest systemd[1]: freeswitch.service: Failed with result 'exit-code'. -- Subject: Unit failed -- Defined-By: systemd -- Support: https://www.debian.org/support

-- The unit freeswitch.service has entered the 'failed' state with result 'exit-code'. May 22 21:00:32 deb11fstest systemd[1]: Failed to start freeswitch. -- Subject: A start job for unit freeswitch.service has failed -- Defined-By: systemd -- Support: https://www.debian.org/support

-- A start job for unit freeswitch.service has finished with a failure.

-- The job identifier is 1686 and the job result is failed. May 22 21:00:32 deb11fstest systemd[1]: freeswitch.service: Scheduled restart job, restart counter is at 3. -- Subject: Automatic restarting of a unit has been scheduled -- Defined-By: systemd -- Support: https://www.debian.org/support

-- Automatic restarting of the unit freeswitch.service has been scheduled, as the result for -- the configured Restart= setting for the unit. May 22 21:00:32 deb11fstest systemd[1]: Stopped freeswitch. -- Subject: A stop job for unit freeswitch.service has finished -- Defined-By: systemd -- Support: https://www.debian.org/support

-- A stop job for unit freeswitch.service has finished.

[iuridiniz]

AFAIK This issue is not related to freeswitch.

In order to change realtime io scheduler, the container needs CAP_SYS_ADMIN capability.

I don't know how to add this cap in your container platform, but LXC allows to set which capabilities to preserve, see lxc.cap.keep (https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html)

Almost all container platform drop capabilities at container boot in order to avoid container to break isolation. So be warned that keeping CAP_SYS_ADMIN in your container could break isolation.

[iuridiniz]

Looking your error message, the problem was with CPU scheduler (ERROR: Failed to set SCHED_FIFO scheduler (Operation not permitted)), so you need CAP_SYS_NICE too

If you want to start freeswitch without realtime scheduler, use the -np (normal priority) param