Merge pull request #259066 from thiagokokada/add-renice-sway

nixos/sway: add enableRealtime option
2023-10-09 19:53:51 +01:00 · 2023-10-09 19:53:51 +01:00 · e7a621f8e9
commit e7a621f8e9
parent b05f397e14 63fce4ce48
3 changed files with 56 additions and 0 deletions
--- a/nixos/modules/programs/wayland/sway.nix
+++ b/nixos/modules/programs/wayland/sway.nix
@ -42,6 +42,11 @@ in {
      <https://github.com/swaywm/sway/wiki> and
      "man 5 sway" for more information'');

+    enableRealtime = mkEnableOption (lib.mdDoc ''
+      add CAP_SYS_NICE capability on `sway` binary for realtime scheduling
+      privileges. This may improve latency and reduce stuttering, specially in
+      high load scenarios'') // { default = true; };
+
    package = mkOption {
      type = with types; nullOr package;
      default = defaultSwayPackage;
@ -149,6 +154,14 @@ in {
            "sway/config".source = mkOptionDefault "${cfg.package}/etc/sway/config";
          };
        };
+        security.wrappers = mkIf (cfg.enableRealtime && cfg.package != null) {
+          sway = {
+            owner = "root";
+            group = "root";
+            source = "${cfg.package}/bin/sway";
+            capabilities = "cap_sys_nice+ep";
+          };
+        };
        # To make a Sway session available if a display manager like SDDM is enabled:
        services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ]; }
      (import ./wayland-session.nix { inherit lib pkgs; })
--- a/pkgs/applications/window-managers/sway/default.nix
+++ b/pkgs/applications/window-managers/sway/default.nix
@ -44,6 +44,8 @@ stdenv.mkDerivation (finalAttrs: {
    # Use /run/current-system/sw/share and /etc instead of /nix/store
    # references:
    ./sway-config-nixos-paths.patch
+    # Drop ambient capabilities after getting SCHED_RR
+    ./drop_ambient_capabilities.patch
  ];

  strictDeps = true;
--- a/pkgs/applications/window-managers/sway/drop_ambient_capabilities.patch
+++ b/pkgs/applications/window-managers/sway/drop_ambient_capabilities.patch
@ -0,0 +1,41 @@
+From e7d9098e81289ae99d07ec3eac1fec1d303b8fe4 Mon Sep 17 00:00:00 2001
+From: Thiago Kenji Okada <thiagokokada@gmail.com>
+Date: Thu, 5 Oct 2023 15:23:35 +0100
+Subject: [PATCH] drop ambient capabilities
+
+Within NixOS the only possibility to gain cap_sys_nice is using the
+security.wrapper infrastructure. However to pass the capabilities to the
+wrapped program, they are raised to the ambient set. To fix this we make
+sure to drop the ambient capabilities during sway startup and realtime
+setup. Otherwise all programs started by sway also gain cap_sys_nice,
+which is not something we want.
+
+Co-authored-by: Rouven Czerwinski <rouven@czerwinskis.de>
+---
+ sway/realtime.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sway/realtime.c b/sway/realtime.c
+index 11154af0..06f872a8 100644
+--- a/sway/realtime.c
+++ b/sway/realtime.c
+@@ -3,6 +3,7 @@
+ #include <unistd.h>
+ #include <pthread.h>
+ #include "sway/server.h"
+#include "sys/prctl.h"
+ #include "log.h"
+ 
+ static void child_fork_callback(void) {
+@@ -10,6 +11,8 @@ static void child_fork_callback(void) {
+ 
+ 	param.sched_priority = 0;
+ 
+	prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0);
+
+ 	int ret = pthread_setschedparam(pthread_self(), SCHED_OTHER, &param);
+ 	if (ret != 0) {
+ 		sway_log(SWAY_ERROR, "Failed to reset scheduler policy on fork");
+-- 
+2.42.0
+