You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After updating to 1.9.4 irqbalance stopped working.
Upon starting it I see a lot of errors like these:
Apr 01 10:45:24 Anteaus systemd[1]: Started irqbalance daemon.
Apr 01 10:45:34 Anteaus irqbalance[14264]: Cannot change IRQ 70 affinity: Read-only file system
Apr 01 10:45:34 Anteaus irqbalance[14264]: IRQ 70 affinity is now unmanaged
Apr 01 10:45:34 Anteaus irqbalance[14264]: Cannot change IRQ 83 affinity: Read-only file system
Apr 01 10:45:34 Anteaus irqbalance[14264]: IRQ 83 affinity is now unmanaged
Apr 01 10:45:34 Anteaus irqbalance[14264]: Cannot change IRQ 73 affinity: Read-only file system
Apr 01 10:45:34 Anteaus irqbalance[14264]: IRQ 73 affinity is now unmanaged
Apr 01 10:45:34 Anteaus irqbalance[14264]: Cannot change IRQ 91 affinity: Read-only file system
Apr 01 10:45:34 Anteaus irqbalance[14264]: IRQ 91 affinity is now unmanaged
Apr 01 10:45:34 Anteaus irqbalance[14264]: Cannot change IRQ 81 affinity: Read-only file system
Apr 01 10:45:34 Anteaus irqbalance[14264]: IRQ 81 affinity is now unmanaged
Apr 01 10:45:34 Anteaus irqbalance[14264]: Cannot change IRQ 71 affinity: Read-only file system
...
The error repeats for all manageable IRQs in my system. All of the IRQs it's complaining about can be manage from a root shell via the proc filesystem, eg. echo 5-7 > /proc/irq/70/smp_affinity_list.
This issue did not occur with 1.9.3.
I noticed that 1.9.4 sets ProtectKernelTunables=yes in it's systemd unit. After removing that restriction via override.conf
irqbalance does not output these errors any more. Checking /proc/irq/*/smp_affinity_list confirms that IRQs are managed as intended.
I am using systemd 255.4. Kernel version is 6.8.2.
I believe ProtectKernelTunables=yes should be removed from irqbalance's systemd unit file. The man page, systemd.exec(5), confirms that it is supposed to restrict access to /proc/irq:
ProtectKernelTunables=
Takes a boolean argument. If true, kernel variables accessible through /proc/sys/, /sys/, /proc/sysrq-trigger, /proc/latency_stats, /proc/acpi, /proc/timer_stats, /proc/fs
and /proc/irq will be made read-only to all processes of the unit. Usually, tunable kernel variables should be initialized only at boot-time, for example with the
sysctl.d(5) mechanism. Few services need to write to these at runtime; it is hence recommended to turn this on for most services. For this setting the same restrictions
regarding mount propagation and privileges apply as for ReadOnlyPaths= and related calls, see above. Defaults to off. Note that this option does not prevent indirect changes
to kernel tunables effected by IPC calls to other processes. However, InaccessiblePaths= may be used to make relevant IPC file system objects inaccessible. If
ProtectKernelTunables= is set, MountAPIVFS=yes is implied.
This option is only available for system services, or for services running in per-user instances of the service manager in which case PrivateUsers= is implicitly enabled
(requires unprivileged user namespaces support to be enabled in the kernel via the "kernel.unprivileged_userns_clone=" sysctl).
Added in version 232.
The text was updated successfully, but these errors were encountered:
After updating to 1.9.4 irqbalance stopped working.
Upon starting it I see a lot of errors like these:
The error repeats for all manageable IRQs in my system. All of the IRQs it's complaining about can be manage from a root shell via the proc filesystem, eg.
echo 5-7 > /proc/irq/70/smp_affinity_list
.This issue did not occur with 1.9.3.
I noticed that 1.9.4 sets
ProtectKernelTunables=yes
in it's systemd unit. After removing that restriction via override.confirqbalance does not output these errors any more. Checking
/proc/irq/*/smp_affinity_list
confirms that IRQs are managed as intended.I am using systemd 255.4. Kernel version is 6.8.2.
I believe
ProtectKernelTunables=yes
should be removed from irqbalance's systemd unit file. The man page, systemd.exec(5), confirms that it is supposed to restrict access to /proc/irq:The text was updated successfully, but these errors were encountered: