hst: expose scheduling priority
All checks were successful
Test / Create distribution (push) Successful in 35s
Test / ShareFS (push) Successful in 40s
Test / Sandbox (push) Successful in 44s
Test / Hakurei (push) Successful in 49s
Test / Sandbox (race detector) (push) Successful in 44s
Test / Hakurei (race detector) (push) Successful in 48s
Test / Flake checks (push) Successful in 1m14s
All checks were successful
Test / Create distribution (push) Successful in 35s
Test / ShareFS (push) Successful in 40s
Test / Sandbox (push) Successful in 44s
Test / Hakurei (push) Successful in 49s
Test / Sandbox (race detector) (push) Successful in 44s
Test / Hakurei (race detector) (push) Successful in 48s
Test / Flake checks (push) Successful in 1m14s
This is useful when limits are configured to allow it. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -16,6 +16,7 @@ import (
|
||||
"hakurei.app/command"
|
||||
"hakurei.app/container/check"
|
||||
"hakurei.app/container/fhs"
|
||||
"hakurei.app/container/std"
|
||||
"hakurei.app/hst"
|
||||
"hakurei.app/internal/dbus"
|
||||
"hakurei.app/internal/env"
|
||||
@@ -88,7 +89,9 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
|
||||
flagGroups command.RepeatableFlag
|
||||
flagHomeDir string
|
||||
flagUserName string
|
||||
flagSched string
|
||||
|
||||
flagSchedPolicy string
|
||||
flagSchedPriority int
|
||||
|
||||
flagPrivateRuntime, flagPrivateTmpdir bool
|
||||
|
||||
@@ -178,9 +181,12 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
|
||||
},
|
||||
}
|
||||
|
||||
if err := config.SchedPolicy.UnmarshalText([]byte(flagSched)); err != nil {
|
||||
if err := config.SchedPolicy.UnmarshalText(
|
||||
[]byte(flagSchedPolicy),
|
||||
); err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
config.SchedPriority = std.Int(flagSchedPriority)
|
||||
|
||||
// bind GPU stuff
|
||||
if et&(hst.EX11|hst.EWayland) != 0 {
|
||||
@@ -292,8 +298,10 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
|
||||
"Container home directory").
|
||||
Flag(&flagUserName, "u", command.StringFlag("chronos"),
|
||||
"Passwd user name within sandbox").
|
||||
Flag(&flagSched, "sched", command.StringFlag(""),
|
||||
Flag(&flagSchedPolicy, "policy", command.StringFlag(""),
|
||||
"Scheduling policy to set for the container").
|
||||
Flag(&flagSchedPriority, "priority", command.IntFlag(0),
|
||||
"Scheduling priority to set for the container").
|
||||
Flag(&flagPrivateRuntime, "private-runtime", command.BoolFlag(false),
|
||||
"Do not share XDG_RUNTIME_DIR between containers under the same identity").
|
||||
Flag(&flagPrivateTmpdir, "private-tmpdir", command.BoolFlag(false),
|
||||
|
||||
@@ -36,7 +36,7 @@ Commands:
|
||||
},
|
||||
{
|
||||
"run", []string{"run", "-h"}, `
|
||||
Usage: hakurei run [-h | --help] [--dbus-config <value>] [--dbus-system <value>] [--mpris] [--dbus-log] [--id <value>] [-a <int>] [-g <value>] [-d <value>] [-u <value>] [--sched <value>] [--private-runtime] [--private-tmpdir] [--wayland] [-X] [--dbus] [--pipewire] [--pulse] COMMAND [OPTIONS]
|
||||
Usage: hakurei run [-h | --help] [--dbus-config <value>] [--dbus-system <value>] [--mpris] [--dbus-log] [--id <value>] [-a <int>] [-g <value>] [-d <value>] [-u <value>] [--policy <value>] [--priority <int>] [--private-runtime] [--private-tmpdir] [--wayland] [-X] [--dbus] [--pipewire] [--pulse] COMMAND [OPTIONS]
|
||||
|
||||
Flags:
|
||||
-X Enable direct connection to X11
|
||||
@@ -60,14 +60,16 @@ Flags:
|
||||
Allow owning MPRIS D-Bus path, has no effect if custom config is available
|
||||
-pipewire
|
||||
Enable connection to PipeWire via SecurityContext
|
||||
-policy string
|
||||
Scheduling policy to set for the container
|
||||
-priority int
|
||||
Scheduling priority to set for the container
|
||||
-private-runtime
|
||||
Do not share XDG_RUNTIME_DIR between containers under the same identity
|
||||
-private-tmpdir
|
||||
Do not share TMPDIR between containers under the same identity
|
||||
-pulse
|
||||
Enable PulseAudio compatibility daemon
|
||||
-sched string
|
||||
Scheduling policy to set for the container
|
||||
-u string
|
||||
Passwd user name within sandbox (default "chronos")
|
||||
-wayland
|
||||
|
||||
@@ -104,9 +104,15 @@ type Config struct {
|
||||
// Init user namespace supplementary groups inherited by all container processes.
|
||||
Groups []string `json:"groups"`
|
||||
|
||||
// Scheduling policy to set for the container. The zero value retains the
|
||||
// current scheduling policy.
|
||||
// Scheduling policy to set for the container.
|
||||
//
|
||||
// The zero value retains the current scheduling policy.
|
||||
SchedPolicy std.SchedPolicy `json:"sched_policy,omitempty"`
|
||||
// Scheduling priority to set for the container.
|
||||
//
|
||||
// The zero value implies the minimum priority of the current SchedPolicy.
|
||||
// Has no effect if SchedPolicy is zero.
|
||||
SchedPriority std.Int `json:"sched_priority,omitempty"`
|
||||
|
||||
// High level configuration applied to the underlying [container].
|
||||
Container *ContainerConfig `json:"container"`
|
||||
|
||||
@@ -100,7 +100,8 @@ func newOutcomeState(k syscallDispatcher, msg message.Msg, id *hst.ID, config *h
|
||||
PrivPID: k.getpid(),
|
||||
Verbose: msg.IsVerbose(),
|
||||
|
||||
SchedPolicy: config.SchedPolicy,
|
||||
SchedPolicy: config.SchedPolicy,
|
||||
SchedPriority: config.SchedPriority,
|
||||
},
|
||||
|
||||
ID: id,
|
||||
|
||||
@@ -75,6 +75,8 @@ type shimParams struct {
|
||||
|
||||
// Copied from [hst.Config].
|
||||
SchedPolicy std.SchedPolicy
|
||||
// Copied from [hst.Config].
|
||||
SchedPriority std.Int
|
||||
|
||||
// Outcome setup ops, contains setup state. Populated by outcome.finalise.
|
||||
Ops []outcomeOp
|
||||
@@ -276,6 +278,7 @@ func shimEntrypoint(k syscallDispatcher) {
|
||||
z := container.New(ctx, msg)
|
||||
z.SetScheduler = state.Shim.SchedPolicy > 0
|
||||
z.SchedPolicy = state.Shim.SchedPolicy
|
||||
z.SchedPriority = state.Shim.SchedPriority
|
||||
z.Params = *stateParams.params
|
||||
z.Stdin, z.Stdout, z.Stderr = os.Stdin, os.Stdout, os.Stderr
|
||||
|
||||
|
||||
@@ -210,10 +210,10 @@ print(machine.succeed('grep "shim: got SIGCONT from unexpected process$" /tmp/sh
|
||||
sched_unset = int(machine.succeed("sudo -u alice -i hakurei -v run cat /proc/self/sched | grep '^policy' | tr -d ' ' | cut -d ':' -f 2"))
|
||||
if sched_unset != 0:
|
||||
raise Exception(f"unexpected unset policy: {sched_unset}")
|
||||
sched_idle = int(machine.succeed("sudo -u alice -i hakurei -v run --sched=idle cat /proc/self/sched | grep '^policy' | tr -d ' ' | cut -d ':' -f 2"))
|
||||
sched_idle = int(machine.succeed("sudo -u alice -i hakurei -v run --policy=idle cat /proc/self/sched | grep '^policy' | tr -d ' ' | cut -d ':' -f 2"))
|
||||
if sched_idle != 5:
|
||||
raise Exception(f"unexpected idle policy: {sched_idle}")
|
||||
sched_rr = int(machine.succeed("sudo -u alice -i hakurei -v run --sched=rr cat /proc/self/sched | grep '^policy' | tr -d ' ' | cut -d ':' -f 2"))
|
||||
sched_rr = int(machine.succeed("sudo -u alice -i hakurei -v run --policy=rr cat /proc/self/sched | grep '^policy' | tr -d ' ' | cut -d ':' -f 2"))
|
||||
if sched_rr != 2:
|
||||
raise Exception(f"unexpected round-robin policy: {sched_idle}")
|
||||
|
||||
|
||||
Reference in New Issue
Block a user