Linux container with --cap-add SYS_NICE or --privileged mode fails on windows. #38631

@itsgk92

Description

Linux containers with additional capabilities fail on Windows 10 - 1607 with Docker version 18.09.1, build 4c52b90. Linux containers which require thread priority scheduling require the SYS_NICE capability. This works fine on Linux but fails on Windows. This is not resolved even when running in privileged mode.

Steps to reproduce the issue:

  1. A stripped-down container testing thread scheduling is available at itsgk92/set_cap_test
  2. Run the container on Linux with SYS_NICE capability or privileged mode; behavior as in expected output below
  3. Run the same on Windows - fails with both cap-add and privileged.

Describe the results you received:
On Windows 10 - 1607 with Docker version 18.09.1, build 4c52b90

docker run -it itsgk92/set_cap_test
pthread_setschedparam: Operation not permitted

docker run -it --cap-add SYS_NICE itsgk92/set_cap_test
pthread_setschedparam: Operation not permitted

docker run -it --privileged itsgk92/set_cap_test
pthread_setschedparam: Operation not permitted

Describe the results you expected:
On Linux with Docker version 18.09.0, build 4d60db4:

$ docker run -it itsgk92/set_cap_test
pthread_setschedparam: Operation not permitted

$ docker run -it --cap-add SYS_NICE itsgk92/set_cap_test
Scheduler settings of main thread
policy=SCHED_FIFO, priority=10

Scheduler settings in 'attr'
policy=SCHED_RR, priority=20
inheritsched is EXPLICIT

Scheduler attributes of new thread
policy=SCHED_RR, priority=20

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

Docker version 18.09.1, build 4c52b90

Output of docker info:

Server Version: 18.09.1
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host ipvlan macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
runc version: 96ec2177ae841256168fcf76954f7177af9446eb
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.125-linuxkit
Operating System: Docker for Windows
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.934GiB
Name: linuxkit-00155d561b07
ID: CIKM:WSST:4QWU:7HKG:BOPS:AYG4:2BSM:YDYT:QXTW:HNOO:5Q4M:7N2A
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 23
 Goroutines: 47
 System Time: 2019-01-24T11:52:37.7840477Z
 EventsListeners: 1
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

Additional environment details (AWS, VirtualBox, physical, etc.):
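
An added diagnostic, not part of the original report and not code from the itsgk92/set_cap_test image: it separates "the capability never reached the container" from "the capability is there but the kernel still refuses", which the identical EPERM lines above cannot distinguish. It assumes `sched_setscheduler` on the calling thread as a stand-in for the report's `pthread_setschedparam` (both go through the same kernel permission check); the sample masks and function names are constructed for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_NICE_BIT 23 /* CAP_SYS_NICE value in <linux/capability.h> */

/* Constructed samples (not from the issue): Docker's default effective set,
 * and the same mask with bit 23 added, as --cap-add SYS_NICE would yield. */
const char SAMPLE_DEFAULT[]  = "Name:\tt\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n";
const char SAMPLE_SYS_NICE[] = "Name:\tt\nCapEff:\t00000000a88425fb\nCapBnd:\t00000000a88425fb\n";

/* 1 if CAP_SYS_NICE is in CapEff of a /proc/<pid>/status text, 0 if not,
 * -1 if the text has no CapEff line. */
int capeff_has_sys_nice(const char *status)
{
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, "CapEff:", 7) == 0)
            return (int)((strtoull(p + 7, NULL, 16) >> CAP_SYS_NICE_BIT) & 1ULL);
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Ask for SCHED_FIFO on the calling thread; 0 on success, else errno. */
int try_sched_fifo(int prio)
{
    struct sched_param sp = { .sched_priority = prio };
    return sched_setscheduler(0, SCHED_FIFO, &sp) == 0 ? 0 : errno;
}

int main(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';

    int cap = capeff_has_sys_nice(buf), err = try_sched_fifo(10);
    printf("CAP_SYS_NICE effective: %d, SCHED_FIFO: %s\n", cap, err ? strerror(err) : "ok");
    if (cap == 1 && err == EPERM)
        puts("capability was granted; the refusal comes from outside the capability set");
    else if (cap == 0 && err == EPERM)
        puts("capability never reached the container; check how --cap-add was applied");
    return err ? 1 : 0;
}
```

Built statically and run inside the container with `--cap-add SYS_NICE`, a "granted" result alongside EPERM shows that `--privileged` grants nothing that would help, so the narrower flag remains the one to keep.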
