Bug 32201 - realtime and memlock limits needed for jackd (jackit package) not provided to user in plasma
Summary: realtime and memlock limits needed for jackd (jackit package) not provided to...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Installer (show other bugs)
Version: 9
Hardware: x86_64 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-08-29 06:03 CEST by david gritter
Modified: 2024-02-15 00:03 CET (History)
6 users (show)

See Also:
Source RPM: systemd-253.10-1.1.mga9
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description david gritter 2023-08-29 06:03:52 CEST 
upon initial installation of mageia 9 with plasma as the selected graphical manager, it is  not possible to start jackd with realtime priority and memlock capabilities.  The jackit rpm package puts the correct information in the /etc/security/limits.d directory, but in plasma a user in the realtime group does not get these privileges 

If one logs in using the icewm the user does get these privileges and jackd can be started correctly.  

It also works correctly in Mageia 8


Version-Release number of selected component (if applicable):


How reproducible:  Always happens


Steps to Reproduce:
1.install mageia 9 from x86_64 .iso and select kde plasma
2.add user and give user audio and realtime group assignments
3.install qjackctl
4 using qjackctl attempt to start jackd.  qjackctl windows will give messages:
"cannot use realtime scheduling (rr/10) (1: operation not permitted"
"cannot lock down xxx byte memory area"

5 log in with ICEWM and repeat.  jackd starts correctly and doesn't give the above error messages
Comment 1 Lewis Smith 2023-08-29 20:24:09 CEST 
Thank you for the report.

Unsure where the fault lies: jackit or Plasma. Assigning globally because jackit does not have a regular maintainer.

Assignee: bugsquad => pkg-bugs
Source RPM: jackit 1.9.21-3.mga9 => jackit 1.9.21-3.mga9, qjackctl-0.9.9-1.mga9

Comment 2 Lewis Smith 2023-08-29 20:25:38 CEST 
CC'ing KDE maintainers.

CC: (none) => kde

Comment 3 Jan Smout 2024-02-13 23:51:38 CET 
I have exactly the same issue. I used to run Ardour with jack or alsa flawlessly on plasma in mageia 8. But now it has has become unusable in plasma due to xruns.

On a VT:

[jan@escher ~]$ ulimit -r
99
[jan@escher ~]$ strace -e sched_setscheduler chrt -f 80 /bin/true 
sched_setscheduler(0, SCHED_FIFO, [80]) = 0
+++ exited with 0 +++


In a terminal, when logged into Plasma:

[jan@escher ~]$ ulimit -r
0
[jan@escher ~]$ strace -e sched_setscheduler chrt -f 80 /bin/true 
sched_setscheduler(0, SCHED_FIFO, [80]) = -1 EPERM (Operation not permitted)
chrt: failed to set pid 0's policy: Operation not permitted
+++ exited with 1 +++


Normally pam_limits takes care of /etc/security/limits... but, comparing mageia 8 and 9, I see many more systemd units popping up for plasma.

So, could it be related to this ?

https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#LimitCPU=

At least 2 options are relevant:
LimitRTPRIO=infinity
LimitMEMLOCK=infinity

but I'm not knowledgeable enough on systemd units to figure out which one(s) would need a patch. I tried a few of them without success so far.


There is also the possibility it's a bug in systemd. Have a look at the following:
https://github.com/systemd/systemd/issues/29446

Wouldn't that imply that systemd should be respecting /etc/security/limits... ?

CC: (none) => smout.jan

Comment 4 Jan Smout 2024-02-14 01:02:09 CET 
Following the crumbs of my last sentence I found something here:

https://github.com/systemd/systemd/pull/11448

It appears to have been addressed 5 years ago, but we need to tell systemd to use pam_limits for it to work

Adding the following line to /etc/pam.d/systemd-user

   session  required   pam_limits.so

and a reboot (yep, relogin blocked on sddm login... it spawned a second systemd --user session, uggh) worked for me.

$ ulimit -r
99

$ grep -E locked\ memory\|realtime\ priority /proc/$(pidof systemd)/limits
Max locked memory         unlimited            unlimited            bytes     
Max realtime priority     99                   99                   


...and jack and Ardour are happy again ^_^
Comment 5 Dave Hodgins 2024-02-14 01:39:35 CET 
Changing the source rpm as /etc/pam.d/systemd-user is owned by systemd.

Adding Stig-Ørjan to cc list as the latest packager to make changes to systemd.

CC: (none) => davidwhodgins, smelror
Source RPM: jackit 1.9.21-3.mga9, qjackctl-0.9.9-1.mga9 => systemd-253.10-1.1.mga9

Comment 6 Stig-Ørjan Smelror 2024-02-14 06:52:59 CET 
systemd 253.12-2 built for Cauldron.
Comment 7 Stig-Ørjan Smelror 2024-02-14 06:58:07 CET 
Advisory
========

systemd-users was missing pam_limits.so for realtime audio for use with jackd. Adding this so that it works as expected.


References
==========


Files
=====

Uploaded to core/updates_testing

lib64udev-devel-253.10-1.2.mga9
lib64udev1-253.10-1.2.mga9
systemd-devel-253.10-1.2.mga9
systemd-homed-253.10-1.2.mga9
lib64systemd0-253.10-1.2.mga9
nss-myhostname-253.10-1.2.mga9
systemd-tests-253.10-1.2.mga9
systemd-253.10-1.2.mga9

from systemd-253.10-1.2.mga9.src.rpm

Assignee: pkg-bugs => qa-bugs

Comment 8 Jan Smout 2024-02-14 12:13:45 CET 
installed and tested ok for systemd-253.10-1.2.mga9
Marja Van Waes 2024-02-14 16:14:21 CET

CC: (none) => marja11
Keywords: (none) => advisory

Comment 9 Dave Hodgins 2024-02-14 18:30:33 CET 
Validating

Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 10 Mageia Robot 2024-02-15 00:03:44 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2024-0054.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.