PAM SC 14.1 documentation states the following
To start seosd with a real-time priority on newer Linux distributions with active cgroups, the native /usr/bin/cgexec binary must be present. The native binary is normally contained in the libcgroup-tools rpm.
However libcgroup has been deprecated in higher versions of Redhat, notably in versions above 7.7
This document discusses how seosd runs in real time priority (RT) in the latest versions of RHEL
CA PAM SC 14.1.X on RHEL versions above 7.7
While RT is a feature present in all recent Linux kernels, it depends on tools that can be packaged differently by different vendors and user-space area also still changes
To clarify this subject:
/root> ps -e -o rtprio,pri,comm | sed -n '1p;/seosd/p'
RTPRIO PRI COMMAND
98 138 seosd
If you there is number in the RTPRIO column for seosd, it is already running at RT priority and nothing has to be done.
seosd is likely to run like this even on newest distributions, e.g., RHEL 9.2, where cgroups component are installed by default, unless one creates and enables actual cgroups and uses CPU allocations.
PAM SC installation already displays a note with a similar explanation than this one:
/tmp> rpm -U CAeAC-1500-0.478.x86_64.rpm
Copyright © 2009-2024 Broadcom.
All rights reserved
Installation complete.
Check seos.ini file for the right configuration.
Installation process messages have been logged in /opt/CA/PAMSC/install.log.
Legal Notice: CA Privileged Access Manager Server Control 1500 may use Wildfly Application Server v.8.2.1
and Wildfly v.12.0.0 service scripts, which are licensed under the Lesser General Public License (LGPL).
Copies of Wildfly Application Server v.8.2.1, Wildfly v.12.0.0 service scripts and the LGPL are provided
by a separate installation. Use of Wildfly Application Server v.8.2.1 and
Wildfly v.12.0.0 service scripts is subject to the terms of the LGPL as set forth in such installation.
Transferring token settings from the pre-upgrade seos.ini file
NOTE: Make sure the /usr/bin/cgexec binary is present on the system
so that seosd can be started to run at real-time priority when <--- the keyword here is "when" ...
cgroups are enabled and used.
Please refer to the log file for full information.