cyclictest does not run with gVisor runtime
gqlo opened this issue · comments
Description
Hello there:
I am trying to use cyclictest to benchmark the CPU latency in gVisor containers:
docker run --privileged -it --runtime=runsc --cpus=4 --memory="8192m" leap-runsc /bin/bash
I am getting:
Unable to change scheduling policy!
either run as root or join realtime group
Apparently I am running a privileged container, logged into the shell with root user. There are no issues with runc, kata-runtime etc. Is there a way to run cyclictest in gVisor?
Steps to reproduce
docker run --privileged -it --runtime=runsc --cpus=4 --memory="8192m" leap-runsc /bin/bash
runsc version
runsc version release-20210720.0
spec: 1.0.2docker version (if using docker)
Client: Docker Engine - Community
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:54:27 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:52:33 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b63
docker-init:
Version: 0.19.0
GitCommit: de40ad0uname
Linux 5e112f3641f4 4.4.0 #1 SMP Sun Jan 10 15:06:54 PST 2016 x86_64 x86_64 x86_64 GNU/Linux
kubectl (if using Kubernetes)
No response
repo state (if built from source)
No response
runsc debug logs (if available)
No response
If I'm looking at the right code, this is because cyclictest is calling sched_setscheduler(SCHED_FIFO), which we don't support. We probably won't be able to run cyclictest if it relies on setting scheduling policy. The underlying reason is that gVisor lets the Go runtime handle scheduling, so we shouldn't tell applications we support "real-time" scheduling policies.