Run Application with Real-Time Rights

Qubit · October 4, 2021, 12:07pm

I use an application that requires real time capability (EtherCAT Master by acontis), when I start the application I get:

ERROR - cannot change scheduling policy!
root privilege is required or realtime group has to be joined!

Normally I would edit /etc/security/limits.conf and add the user/group with real-time rights by adding

realtime - rtprio 99

But how do I solve this with Torizon with the container? (I use TorizonCore with PREEMPT_RT)

jeremias.tx · October 4, 2021, 8:08pm

Greetings @Qubit,

The simple solution would be to use the --privileged flag which gives that specific container root rights. However I understand that this is sometimes not ideal for all use-cases.

Docker has other various arguments that adjust and set Real-Time configurations: Runtime options with Memory, CPUs, and GPUs | Docker Documentation

Try these options and let me know if this helps your EtherCAT application run.

Best Regards,
Jeremias

Qubit · October 5, 2021, 8:21am

Hi Jeremias

So I added the privileged flag to the devcontainer.json as following:

....
"runArgs": [

        "--network=host",

        "--privileged"

    ],
...

Did a Torizon: Rebuild SDK and reload in container. But still got the error. So I connected over SSH and run the following command:
apalis-imx8-06494488:~$ docker inspect --format=‘{{.HostConfig.Privileged}}’ 851b6244…
false

It seems that this didn’t worked. I am really a beginner when it comes to Docker

jeremias.tx · October 5, 2021, 5:44pm

The json file you modified is for the development container which builds the application not for the application container that runs your code. Please do not modify this file as it can cause your project to work unpredictably.

To modify your application container you need to use the configuration panel provided by the Torizon extension. For any generic docker configuration you can use the extraparms option. For --privileged you need to pass a key/value pair of privileged and True.

For more tips about using the extension the following article is also useful: Torizon Best Practices Guide | Toradex Developer Center

Alternatively, you can also set the the project’s username to root instead of torizon. Which effectively gives the container root privileges as well. This is shown here with our article on using CAN: How to Use CAN on TorizonCore | Toradex Developer Center

Since using the CAN bus properly also requires root privileges.

Best Regards,
Jeremias

Qubit · October 6, 2021, 11:49am

Ah ok.

Only privileged flag was not enough but setting the user to root it works. Thank you very much Jeremias. It’s still a long way to go to understand all this with the VSC, Docker and Torizon. Next piece of the puzzle solved.

jeremias.tx · October 6, 2021, 6:16pm

Glad I could be of assistance!