ICSHWI-7098 Run as iocuser:iocgroup and not as root:root (!19) · Merge requests · ccce / ans / ics-ans-role-lab-ioc-deploy

Krisztián Löki requested to merge realtime into develop May 17, 2021

Running as root is problematic in many ways one of which is that root is not allowed to write to the nonvolatile NFS share that is used by autosave. However, simply running as iocuser causes problems with realtime IOCs; added CAP_IPC_LOCK so that mlock() and mlockall() works as expected.

Added ioc_realtime and per-IOC realtime option: adds CAP_SYS_NICE to capabilities and adds --realtime option to iocsh.bash

Edited May 17, 2021 by Krisztián Löki

ICSHWI-7098 Run as iocuser:iocgroup and not as root:root

Merge request reports