freeswitch
Is there any method of running Freeswitch in an unprivileged lxc container without disabling IOSchedulingClass=realtime? Freeswitch fails to start in an unprivileged lxc container, i.e. on Proxmox.
Using Proxmox 7.2.3, Freeswitch will run in a privileged lxc container. Freeswitch will not run in an unprivileged lxc container without commenting out IOSchedulingClass=realtime in /lib/systemd/system/freeswitch.service
How can Freeswitch be run in an unprivileged lxc container without changing IOSchedulingClass?
CT container template debian-11-standard_11.3-1_amd64.tar.zst shows the following output errors:
root@deb11fstest:~# freeswitch -c
ERROR: Failed to set SCHED_FIFO scheduler (Operation not permitted)
journalctl -xe
May 22 21:00:32 deb11fstest systemd[1]: Starting freeswitch...
-- Subject: A start job for unit freeswitch.service has begun execution
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- A start job for unit freeswitch.service has begun execution.
-- The job identifier is 1686.
May 22 21:00:32 deb11fstest systemd[125577]: freeswitch.service: Failed to set up CPU scheduling: Operation not permitted
May 22 21:00:32 deb11fstest systemd[125577]: freeswitch.service: Failed at step SETSCHEDULER spawning /bin/mkdir: Operation not permitted
-- Subject: Process /bin/mkdir could not be executed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- The process /bin/mkdir could not be executed and failed.
-- The error number returned by this process is ERRNO.
May 22 21:00:32 deb11fstest systemd[1]: freeswitch.service: Control process exited, code=exited, status=214/SETSCHEDULER
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- An ExecStartPre= process belonging to unit freeswitch.service has exited.
-- The process' exit code is 'exited' and its exit status is 214.
May 22 21:00:32 deb11fstest systemd[1]: freeswitch.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- The unit freeswitch.service has entered the 'failed' state with result 'exit-code'.
May 22 21:00:32 deb11fstest systemd[1]: Failed to start freeswitch.
-- Subject: A start job for unit freeswitch.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- A start job for unit freeswitch.service has finished with a failure.
-- The job identifier is 1686 and the job result is failed.
May 22 21:00:32 deb11fstest systemd[1]: freeswitch.service: Scheduled restart job, restart counter is at 3.
-- Subject: Automatic restarting of a unit has been scheduled
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- Automatic restarting of the unit freeswitch.service has been scheduled, as the result for
-- the configured Restart= setting for the unit.
May 22 21:00:32 deb11fstest systemd[1]: Stopped freeswitch.
-- Subject: A stop job for unit freeswitch.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- A stop job for unit freeswitch.service has finished.
AFAIK this issue is not related to freeswitch.
In order to change the realtime io scheduler, the container needs the CAP_SYS_ADMIN capability.
I don't know how to add this cap in your container platform, but LXC allows you to set which capabilities to preserve, see lxc.cap.keep (https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html)
Almost all container platforms drop capabilities at container boot in order to prevent the container from breaking isolation. So be warned that keeping CAP_SYS_ADMIN in your container could break isolation.
Looking at your error message, the problem was with the CPU scheduler (ERROR: Failed to set SCHED_FIFO scheduler (Operation not permitted)), so you need CAP_SYS_NICE too
If you want to start freeswitch without realtime scheduler, use the -np (normal priority) param
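
Added example, not part of the thread and not FreeSWITCH or Proxmox code: a small diagnostic that decodes the capability masks in /proc/<pid>/status and checks /proc/<pid>/uid_map, to show whether CAP_SYS_NICE and CAP_SYS_ADMIN are present and whether they are only held inside a user namespace (an unprivileged container), where they do not count as capabilities over the host. The sample strings and the `diagnose` helper are constructed for illustration.

```python
"""Decode capability masks and the user-namespace mapping of a process."""
import re

# Capability bit numbers from <linux/capability.h>
CAP_SYS_ADMIN = 21
CAP_SYS_NICE = 23

def parse_caps(status_text):
    """Return {'CapEff': int, 'CapBnd': int, ...} from /proc/<pid>/status text."""
    pattern = r"^(Cap\w+):\s*([0-9a-fA-F]+)$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.M)}

def has_cap(mask, cap):
    """True if capability number `cap` is set in the bitmask."""
    return bool((mask >> cap) & 1)

def in_user_namespace(uid_map_text):
    """True unless uid_map is the identity mapping of the initial namespace."""
    rows = [tuple(int(f) for f in line.split())
            for line in uid_map_text.splitlines() if line.strip()]
    return rows != [(0, 0, 4294967295)]

def diagnose(status_text, uid_map_text):
    """Hypothetical helper: summarise what the two /proc files say."""
    eff = parse_caps(status_text).get("CapEff", 0)
    nice = has_cap(eff, CAP_SYS_NICE)
    admin = has_cap(eff, CAP_SYS_ADMIN)
    userns = in_user_namespace(uid_map_text)
    # Capabilities held inside a user namespace apply to that namespace only.
    return {"CAP_SYS_NICE": nice, "CAP_SYS_ADMIN": admin,
            "user_namespace": userns,
            "host_level_caps": nice and admin and not userns}

# Constructed samples (not taken from the thread).
UNPRIV_STATUS = "Name:\tfreeswitch\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"
UNPRIV_UID_MAP = "         0     100000      65536\n"
DROPPED_STATUS = "Name:\tfreeswitch\nCapEff:\t000001ffff5fffff\nCapBnd:\t000001ffff5fffff\n"
HOST_UID_MAP = "         0          0 4294967295\n"

if __name__ == "__main__":
    # Run inside the container to inspect the current process.
    with open("/proc/self/status") as s, open("/proc/self/uid_map") as u:
        print(diagnose(s.read(), u.read()))
```

Run inside the container as the user the service starts under; a full CapEff mask together with `user_namespace: True` means the capabilities are namespaced rather than host-level.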