28 Jan
2019
28 Jan
'19
2:13 a.m.
Hi list,
please help with a realtime permissions issue trying to start jackd via
my systemd service script on raspbian.
As root or as user peter (which is part of the audio group) I can start
jackd fine using either
jackd -v -R -d alsa -r 44100 -P
or
jackd -v -d alsa -r 44100 -P
No error message mention that realtime was (or wasn't) enabled. Is
this normal and intended?
Checking with htop, there are three jackd processes with a priority of
20 and on with -11. Does this mean that realtime is enabled?
Using mplayer as user peter I can play back audio via jack.
Now I try to start jackd automatically from a systemd service file
created as /etc/systemd/system/jackd.service with the following
contents:
[Unit]
Description=jackd
After=sound.target
[Service]
User=peter
ExecStart=/usr/bin/jackd -d alsa -r 44100 -P
[Install]
WantedBy=multi-user.target
I install that service with
sudo systemctl enable jackd.service
and run
sudo systemctl daemon-reload
after having changed the above service file.
When I start that service it fails with errors in the journal:
"JACK is running in realtime mode, but you are not allowed to use
realtime scheduling."
and
"Please check your /etc/security/limits.conf for the following line"
and so on. Messages that are not present when starting jackd as user
from the command line.
Now I am puzzled because I thought that it is enough to specify user
"peter" in the systemd service.
Well if I comment the line
User=peter
out and start the service again, jackd runs. It is five processes
with priority 20 and one with -11.
The stupid thing now is that the normal user peter can use that jackd:
Mplayer tells me that
"connect(2) call to /tmp/jack-1000/default/jack_0 failed (err=No such
file or directory)"
So I reckon that a user can't use a jackd started by another user, or
root?
Now I removed above service and installed it as user service
~/.local/share/systemd/user/jackd.service and contents:
[Unit]
Description=jackd
After=sound.target
[Service]
User=peter
ExecStart=/usr/bin/jackd -d alsa -r 44100 -P
[Install]
WantedBy=default.target
It gets installed with
systemctl --user enable jackd.service
and started with
systemctl --user start jackd.service
Jackd is now started and can be used with mplayer. But the systemd
service is no longer started at boot not at login of user peter. I have
to run:
systemctl --user start jackd.service
Also trying
loginctl enable-linger peter
does not help. The general question remains: How can I run a systemd user
service without that user being logged in?
Another way recommended at
https://www.linux.org.ru/forum/admin/10795275
or
https://ask.fedoraproject.org/en/question/131584/jack-fluidsynth-as-user-sy…
is to add some lines specifying Limits.
[Unit]
Description=jackd
After=sound.target
[Service]
User=peter
LimitRTPRIO=infinity
LimitMEMLOCK=infinity
ExecStart=/usr/bin/jackd -d alsa -r 44100 -P
[Install]
WantedBy=multi-user.target
It does not start jackd with the same error as above.
"JACK is running in realtime mode, but you are not allowed to use
realtime scheduling."
and
"Please check your /etc/security/limits.conf for the following line"
Now this took me four hours so far without success and I wonder what is
a functional way to use jackd via systemd on a headless computer in
2019. All comments are very welcome!
Peter
28 Jan
28 Jan
2:59 a.m.
On Mon, 28 Jan 2019, Peter P. wrote:
Now I try to start jackd automatically from a systemd
service file
created as /etc/systemd/system/jackd.service with the following
why /etc/systemd/system and not /etc/systemd/user/?
contents:
[Unit]
Description=jackd
After=sound.target
[Service]
User=peter
Does systemd allow Group=audio
ExecStart=/usr/bin/jackd -d alsa -r 44100 -P
Would it be better starting a bash -l -c to wrap jackd?
You seem to be wanting to run this before any user is logged in. Does that
mean the user will run automatically or unattended? If so, I would use a
multi-terminal text session manager like screen which can start itself
with a number of processes running. If started by dbus-launch, you would
still have that functionality as well. hmm, I am thinking about this and
realizing I have not tried this trick with systemd, but /etc/rc.local
(which should still work with systemd).
OK, from:
http://man7.org/linux/man-pages/man5/systemd.exec.5.html
Group=audio
would start things as group audio and may have trouble writing logs etc.
to the user directorys.
starting the commandline with + has some effect on this but if that opens
things or restricts them I am not sure.
SupplementaryGroups=audio may give both group=user and group=audio
Systemd should be set up for security and as such default to a lower
security level rather than higher. So even though the user is a part of
more than one group, the actual groups needed by the process may need to
all listed.
--
Len Ovens
www.ovenwerks.net
2:04 p.m.
Hi Len,
* Len Ovens <len(a)ovenwerks.net> [2019-01-28 01:59]:
Had success without Group setting (see other email)
now, thank you!
I would like to execute it
from systemd right away to benfit from its
restart features, inter-unit dependecies and logging facilities.
On Mon, 28 Jan 2019, Peter P. wrote:
Frankly, I don't know. It
seems there are about three different places
for system-wide service files on Debian and I don't know if the
/etc/systemd/user/ is for user-supplied services or for user-services
installed system-wide or whatever. I read that /etc/systemd/system is
the place for things to go in and which will be untouched by apt
upgrade.
Now I try to start jackd automatically from a
systemd service file
created as /etc/systemd/system/jackd.service with the following
why /etc/systemd/system and not /etc/systemd/user/? contents:
[Unit]
Description=jackd
After=sound.target
[Service]
User=peter
Does systemd allow Group=audio ExecStart=/usr/bin/jackd -d alsa -r 44100 -P
Would it be better starting a bash -l -c to wrap jackd? You seem to be wanting to run this before any user is
logged in. Does that
mean the user will run automatically or unattended? If so, I would use a
multi-terminal text session manager like screen which can start itself with
a number of processes running. If started by dbus-launch, you would still
have that functionality as well. hmm, I am thinking about this and realizing
I have not tried this trick with systemd, but /etc/rc.local (which should
still work with systemd).
I am trying systemd for the reason given above. There
"must" be an
advantage of having it inside my OS and I want to put it to use. :)
OK, from:
http://man7.org/linux/man-pages/man5/systemd.exec.5.html
Group=audio
would start things as group audio and may have trouble writing logs etc. to
the user directorys.
starting the commandline with + has some effect on this but if that opens
things or restricts them I am not sure.
SupplementaryGroups=audio may give both group=user and group=audio
Systemd should be set up for security and as such default to a lower
security level rather than higher. So even though the user is a part of more
than one group, the actual groups needed by the process may need to all
listed.
It seems to specify limits in the service file is the way to go.
Thanks again!
P
1 Feb
1 Feb
3:14 a.m.
Am Montag, 28. Januar 2019, 13:04:36 CET schrieb Peter P.:
* Len Ovens <len(a)ovenwerks.net> [2019-01-28
01:59]:
See the section "UNIT FILE LOAD PATH" in systemd.unit(5) for a detailed
overview of the paths systemd looks at for unit files. From there you can see
that you can also put user units in your home directory under ~/.config/
systemd/user/, which is what I do (although pretty much all software I use now
provides its own user units, so I don't have much in there now). Of course,
if you prefer /etc/ that is also fine and the units will be available to all
users (so the answer is: /etc/systemd/user/ is for user units installed
system-wide *by the administrator*).
HTH
--
Marc Joliet
--
"People who think they know everything really annoy those of us who know we
don't" - Bjarne Stroustrup
On Mon, 28 Jan 2019, Peter P. wrote:
Frankly, I don't know. It seems there are about three different places
for system-wide service files on Debian and I don't know if the
/etc/systemd/user/ is for user-supplied services or for user-services
installed system-wide or whatever. I read that /etc/systemd/system is
the place for things to go in and which will be untouched by apt
upgrade. Now I try to start jackd automatically from a
systemd service file
created as /etc/systemd/system/jackd.service with the following
why /etc/systemd/system and not /etc/systemd/user/? 
28 Jan
28 Jan
9:35 a.m.
On 28/01/2019 01.12, Peter P. wrote:
Now I try to start jackd automatically from a systemd
service file
created as /etc/systemd/system/jackd.service with the following
contents:
[Unit]
Description=jackd
After=sound.target
[Service]
User=peter
ExecStart=/usr/bin/jackd -d alsa -r 44100 -P
[Install]
WantedBy=multi-user.target
When I start that service it fails with errors in the journal:
"JACK is running in realtime mode, but you are not allowed to use
realtime scheduling."
and
"Please check your /etc/security/limits.conf for the following line"
and so on. Messages that are not present when starting jackd as user
from the command line.
Now I am puzzled because I thought that it is enough to specify user
"peter" in the systemd service.
When using systemd to start the service, use systemd directives to set
the limits. systemd won't start PAM session for this service, so
/etc/security/limits.conf is not used.
Try adding:
LimitRTPRIO=95
LimitMEMLOCK=infinity
to the [Service] section of your jackd.service file.
See `man systemd.unit` fro more info on setting the limits in a service
file.
Greets,
Jacek
1:59 p.m.
Thanks Jacek your kind reply!
I can confirm that the service starts up as system service and launches
jackd with (what I hope are) realtime priorities as user peter after
correcting it to
User=peter
LimitRTPRIO=i95
LimitMEMLOCK=infinity
ExecStart=/usr/bin/jackd -d alsa -r 44100 -P
* Jacek Konieczny <jajcus(a)jajcus.net> [2019-01-28 08:36]:
On 28/01/2019 01.12, Peter P. wrote:
Now I try to start jackd automatically from a
systemd service file
created as /etc/systemd/system/jackd.service with the following
contents:
[Unit]
Description=jackd
After=sound.target
[Service]
User=peter
ExecStart=/usr/bin/jackd -d alsa -r 44100 -P
[Install]
WantedBy=multi-user.target
When I start that service it fails with errors in the journal:
"JACK is running in realtime mode, but you are not allowed to use
realtime scheduling."
and
"Please check your /etc/security/limits.conf for the following line"
and so on. Messages that are not present when starting jackd as user
from the command line.
Now I am puzzled because I thought that it is enough to specify user
"peter" in the systemd service.
When using systemd to start the service, use systemd directives to set
the limits. systemd won't start PAM session for this service, so
/etc/security/limits.conf is not used.
Try adding:
LimitRTPRIO=95
LimitMEMLOCK=infinity
to the [Service] section of your jackd.service file.
See `man systemd.unit` fro more info on setting the limits in a service
file.
Greets,
Jacek
_______________________________________________
Linux-audio-user mailing list
Linux-audio-user(a)lists.linuxaudio.org
https://lists.linuxaudio.org/listinfo/linux-audio-user 
4:15 p.m.
Jacek Konieczny <jajcus(a)jajcus.net> writes:
When using systemd to start the service, use systemd
directives to set
the limits. systemd won't start PAM session for this service, so
/etc/security/limits.conf is not used.
Which kind of defeats the purpose of PAM being a central configuration
for all your machine's security policies, doesn't it? Isn't it nice
knowing that even if you've done everything just right in /etc/pam.d, it
might not matter because some parts of your system don't believe in PAM?
Someday soon, if Red Hat keeps taking Linux in this direction, every
config file in /etc will be like this, vestigial remains of a time when
Linux machines were setup similar to other UNIX systems, now no longer
used by any facility on your machine. Hail, systemd!
--
- Brent Busby + ===============================================
+ "The introduction of a new kind of music must
-- Studio -- + be shunned as imperiling the whole state, for
-- Amadeus/ -- + styles of music are never disturbed without
-- Keycorner -- + without affecting the most important political
-- Recording -- + institutions." --Plato, "Republic"
----------------+ ===============================================
4:42 p.m.
On 28/01/2019 15.14, Brent Busby wrote:
Jacek Konieczny <jajcus(a)jajcus.net> writes:
PAM is not a central configuration for machine's security polices. It
has never been. PAM is just used for setting up user login sessions.
PAM has no relations to processes running with user credentials outside
of a login session and Jack server is not a service which necessarily
needs to be bound to a used session. Especially in an embedded scenario,
like a Raspberry Pi-based system.
Setting up a user-session via PAM is an overkill for a system-wide
daemon (and jack becomes such in this use case) and setting process
limits for such a daemon in through the init process is the best place
to do it.
When using systemd to start the service, use
systemd directives to set
the limits. systemd won't start PAM session for this service, so
/etc/security/limits.conf is not used.
Which kind of defeats the purpose of PAM being a central configuration
for all your machine's security policies, doesn't it? Someday soon, if Red Hat keeps taking Linux in this
direction, every
config file in /etc will be like this, vestigial remains of a time when
Linux machines were setup similar to other UNIX systems, now no longer
used by any facility on your machine. Hail, systemd!
Although some systemd based setups had problems with PAMs settings being
ignored in a user session, this is not the case.
Starting jackd from /etc/systemd/system unit is like starting it from
/etc/init.d script. PAM wouldn't be used there (unless someone forces it
through 'su -') even long time before systemd was a thing.
Jacek
1:26 p.m.
On 2019-01-28 01:12:52 (+0100), Peter P. wrote:
Now this took me four hours so far without success and
I wonder what
is a functional way to use jackd via systemd on a headless computer in
2019. All comments are very welcome!
I recommend going the systemd user service
way. I have a templated
unit [1], that I use with specific preset device configurations [2].
If this should start automatically on boot, you need to enable linger
for your user (using loginctl)!
Note, when starting in a systemd user unit, the process is started
outside of your user's session .scope, but below your user's
@user.service (see loginctl user-status <your-user-name> for reference).
That's why the PAM related limits.conf won't apply.
Best,
David
[1] https://git.sleepmap.de/config/dotfiles.git/tree/.config/systemd/user/jack@…
[2] https://git.sleepmap.de/config/dotfiles.git/tree/.config/jack
--
https://sleepmap.de
2:12 p.m.
* David Runge <dave(a)sleepmap.de> [2019-01-28 12:26]:
On 2019-01-28 01:12:52 (+0100), Peter P. wrote:
Wow, this looks great! Do you know if lingering is
enabled persistently
with that one logintcl command?
Now this took me four hours so far without
success and I wonder what
is a functional way to use jackd via systemd on a headless computer in
2019. All comments are very welcome!
I recommend going the systemd user service
way. I have a templated
unit [1], that I use with specific preset device configurations [2].
If this should start automatically on boot, you need to enable linger
for your user (using loginctl)! Note, when starting in a systemd user unit, the
process is started
outside of your user's session .scope, but below your user's
@user.service (see loginctl user-status <your-user-name> for reference).
That's why the PAM related limits.conf won't apply.
Understood! Any reason
you specify
LimitRTTIME=infinity
and no
LimitRTTIME=infinity
?
cheers, P
1 Feb
1 Feb
3:34 a.m.
Am Montag, 28. Januar 2019, 13:12:39 CET schrieb Peter P.:
* David Runge <dave(a)sleepmap.de> [2019-01-28
12:26]:
Yes, it is. You can see the current setting with "loginctl show-user
<username> | grep Linger".
HTH
--
Marc Joliet
--
"People who think they know everything really annoy those of us who know we
don't" - Bjarne Stroustrup
On 2019-01-28 01:12:52 (+0100), Peter P. wrote:
Wow, this looks great! Do you know if lingering is enabled persistently
with that one logintcl command? Now this took me four hours so far without
success and I wonder what
is a functional way to use jackd via systemd on a headless computer in
2019. All comments are very welcome!
I recommend going the systemd user service way. I have a templated
unit [1], that I use with specific preset device configurations [2].
If this should start automatically on boot, you need to enable linger
for your user (using loginctl)!
21 Jan
21 Jan
7:19 p.m.
(For some reason I never sent this, and while it's almost a year later, I
think it might be useful just to have it on record in the ML, to make things
easier for people reading this thread in the archives.)
Am Montag, 28. Januar 2019, 12:26:54 CET schrieb David Runge:
On 2019-01-28 01:12:52 (+0100), Peter P. wrote:
The other thing that I don't think was mentioned in this thread is that you
will need to add your user to the audio group (if that's not already the case)
because systemd-logind normally gives your user access to certain devices
(including audio devices) by setting ACLs on the device node in /dev/ *when
you login*, e.g.:
% getfacl /dev/snd/seq
getfacl: Removing leading '/' from absolute path names
# file: dev/snd/seq
# owner: root
# group: audio
user::rw-
user:marcec:rw-
group::rw-
mask::rw-
other::---
Since you're not logging in, that won't get triggered, so even with lingering
enabled, anything requiring access to these devices won't work.
The device access concepts are documented in [0] and also in sd-login(3), from
which one could deduce the above, but it's not explicitly pointed out anywhere
AFAICT (I think I had it pointed out to me on a Gentoo ML).
[0] https://www.freedesktop.org/wiki/Software/systemd/multiseat/
HTH
--
Marc Joliet
--
"People who think they know everything really annoy those of us who know we
don't" - Bjarne Stroustrup
Now this took me four hours so far without
success and I wonder what
is a functional way to use jackd via systemd on a headless computer in
2019. All comments are very welcome!
I recommend going the systemd user service way. I have a templated
unit [1], that I use with specific preset device configurations [2].
If this should start automatically on boot, you need to enable linger
for your user (using loginctl)! 
31 Jan
31 Jan
11:04 a.m.
Il giorno lunedì 28/01/2019 01:12:52 +0100
"Peter P." <peterparker(a)fastmail.com> ha scritto:
Hi list,
please help with a realtime permissions issue trying to start jackd via
my systemd service script on raspbian.
[...]
Now this took me four hours so far without success and I wonder what is
a functional way to use jackd via systemd on a headless computer in
2019. All comments are very welcome!
Being systemd a complete nightmare (which turns your machine to a windows-like
system), simply stop using it and migrate to a systemd-free system.
I suggest considering Devuan [1] (which is the distribution I am using since
2016), which also has an 'embedded' ARM release [2] for the Raspberry platforms.
Regards
[1] https://devuan.org/
[2] https://devuan.ksx4system.net/devuan_ascii/embedded/
(other mirrors here: https://devuan.org/get-devuan)
--
al3xu5 / dotcommon
Say NO to copyright, patents, trademarks and any industrial design restrictions.
______________________________________________________________________
15 Feb
15 Feb
12:44 a.m.
On 1/28/19 1:12 AM, Peter P. wrote:
Hi list,
please help with a realtime permissions issue trying to start jackd via
my systemd service script on raspbian.
http://jack-audio.10948.n7.nabble.com/Jack-Devel-Some-observations-re-Jack-…
--
Jörn Nettingsmeier
Tuinbouwstraat 180, 1097 ZB Amsterdam, Nederland
Tel. +49 177 7937487
Meister für Veranstaltungstechnik (Bühne/Studio), Tonmeister VDT
http://stackingdwarves.net
1762
days inactive
2120
days old
linux-audio-user@lists.linuxaudio.org
13 comments
8 participants
participants (8)
-
al3xu5 / dotcommon -
Brent Busby -
David Runge -
Jacek Konieczny -
Jörn Nettingsmeier -
Len Ovens -
Marc Joliet -
Peter P.