set_mempolicy: Operation not permitted in container building phase
4406arthur opened this issue · 8 comments
As the title , does it will cause the performance issue ?
I found my case will slower than php56...
Is there a reason you are building these images rather than using the ones we publish on docker hub? This is now relatively out of date.
This message also shows up when using our images, but I'v enot looked into what's causing it or what the effects are.
I added config options to stop the warning. Disabling the perf event system stops the warnings.
@mofarrell Would you mind sharing the config options that one can set to stop this from happening? I am still seeing this on:
$ hhvm --version
set_mempolicy: Operation not permitted
HipHop VM 3.21.0 (rel)
Compiler: tags/HHVM-3.21.0-0-gbdbaff80f67e02080f1ea377d30efee63f10126d
Repo schema: 1381c379b9e7d8cd9efa2ce49aeb6f699919dc3a
Our current dockerfile templates look like this:
hhvm template:
FROM ubuntu:%(basever)s
ENV HHVM_DISABLE_NUMA true
RUN apt-key adv --recv-keys --keyserver \
hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449
RUN apt-get update -y && apt-get install -y software-properties-common \
&& add-apt-repository "deb http://dl.hhvm.com/ubuntu %(distribution)s main" \
&& apt-get update -y \
&& apt-get install -y hhvm=%(version)s~%(basesys)s \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
hhvm proxygen template:
FROM hhvm/hhvm:%(version)s
RUN mkdir -p /var/www/public
ADD server.ini /etc/hhvm/server.ini
RUN touch /etc/hhvm/site.ini
EXPOSE 80
CMD ["/usr/bin/hhvm", "-m", "server", "-c", "/etc/hhvm/server.ini", "-c", "/etc/hhvm/site.ini"]
server.ini for the hhvm proxygen image:
; php options
pid = /var/run/hhvm/pid
; hhvm specific
hhvm.server.port = 80
hhvm.server.type = proxygen
hhvm.server.allow_run_as_root = true
hhvm.server.default_document = index.php
hhvm.server.error_document404 = index.php
hhvm.repo.central.path = /var/run/hhvm/hhvm.hhbc
hhvm.server.source_root=/var/www/public
hhvm.profile_hw_enable=false
; default log location is stdout/err, which is good for docker
hhvm.log.use_log_file = true
Using settings that change users will violate docker's default security policy. Either start as the desired user, or use the allow_run_as_root option as above.
Is there a way to get that error to go away without running docker in privileged mode? I am trying to get hhvm to run arbitrary user-generated code, and don't want to allow docker to have access to anything on the host server that it doesn't absolutely need.
@ephraimrothschild Are you running with our docker images? They should not have this error. The error is due to HHVM asking the system information about its numa configuration (which docker prohibits). This can't be configured using our runtime options since they are initialized after the numa configuration is setup. We created an environment variable that disables numa use entirely HHVM_DISABLE_NUMA. This is set to true in our docker images, and should stop the error.
@mofarrell we've regressed in 3.18.2+ - 3.21 and 3.22 seem fine:
fredemmott-fb:hhtest fredemmott$ docker run hhvm/hhvm:3.18.1 hhvm --version
HipHop VM 3.18.1 (rel)
Compiler: tags/HHVM-3.18.1-0-g4f792a827d9b6fcc4bcd7940a1b92280f3fdedc3
Repo schema: b9aebb86bbda024eeeed6f608c9a49076563f9c7
fredemmott-fb:hhtest fredemmott$ docker run hhvm/hhvm:3.18.2 hhvm --version
set_mempolicy: Operation not permitted
HipHop VM 3.18.2 (rel)
Compiler: tags/HHVM-3.18.2-0-g1e28cfedefb439554cae05f1721bd6ea60c31839
Repo schema: 7aa473404e83b5cd2d1a53c6f3200a3a9012f2f1
fredemmott-fb:hhtest fredemmott$ docker run hhvm/hhvm:3.18.5 hhvm --version
set_mempolicy: Operation not permitted
HipHop VM 3.18.5 (rel)
Compiler: tags/HHVM-3.18.5-0-g61f6a1f9a199c929980408aff866f36a7b4a1515
Repo schema: 514949365dd9d370d84ea5a6db4a3dd3b619e484