sched_setscheduler returns -EPERM

This document (7012851) is provided subject to the disclaimer at the end of this document.


SUSE Linux Enterprise Server 11 Service Pack 2


When using a system built with the Common Criteria EAL4+ certified configuration profile,
applications written to use a real-time scheduling policy may error when attempting to set
the scheduling policy.

An strace of such an application may show:

6393  sched_getscheduler(6393)          = 0 (SCHED_OTHER)
6393  sched_setscheduler(6393, SCHED_FIFO, { 70 }) = -1 EPERM (Operation not permitted)


If scheduling classes other than SCHED_OTHER, SCHED_IDLE or SCHED_BATCH
are required, Control Group functionality should be disabled.

To do so, disable the cgconfig service from starting at boot time

# chkconfig cgconfig off

and reboot.


The Common Criteria EAL4+ certified configuration prevents real-time
scheduling policy from being set for running processes as a side-effect
of the Control Group (cgroup) configuration initialized at boot time.

Control Group policy does not allow for a real-time scheduling policy
to be set without allocating a run-time budget, which is not set by the
provided configuration.

Additional Information

Control Groups (cgroups) are a kernel feature that allows aggregating or
partitioning tasks (processes) and all their children into hierarchical organized

The implications of disabling cgroups for the security of the system are neglectable.
No additional integrity value is achieved through the use of cgroups.

Please do not hesitate to contact if you have any questions.


This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7012851
  • Creation Date: 16-Jul-2013
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center