niceness on firegex process

backend/docker-entrypoint.sh

@@ -2,5 +2,5 @@
 
 chown nobody -R /execute/
 
-exec capsh --caps="cap_net_admin+eip cap_setpcap,cap_setuid,cap_setgid+ep" \
-    --keep=1 --user=nobody --addamb=cap_net_admin -- -c "python3 /execute/app.py DOCKER"
+exec capsh --caps="cap_net_admin,cap_setpcap,cap_setuid,cap_setgid,cap_sys_nice+eip" \
+    --keep=1 --user=nobody --addamb=cap_net_admin,cap_sys_nice -- -c "python3 /execute/app.py DOCKER"

backend/modules/nfproxy/firegex.py

@@ -7,6 +7,7 @@ from fastapi import HTTPException
 import time
 from utils import run_func
 from utils import DEBUG
+from utils import nicenessify
 
 nft = FiregexTables()
 
@@ -95,6 +96,7 @@ class FiregexInterceptor:
                 "FIREGEX_NFPROXY_SOCK": self.sock_path
             },
         )
+        nicenessify(-10, self.process.pid)
         self.outstrem_task = asyncio.create_task(self._stream_handler())
         try:
             async with asyncio.timeout(3):

backend/modules/nfregex/firegex.py

@@ -6,6 +6,7 @@ import asyncio
 import traceback
 from utils import DEBUG
 from fastapi import HTTPException
+from utils import nicenessify
 
 nft = FiregexTables()
 
@@ -106,6 +107,7 @@ class FiregexInterceptor:
                 "FIREGEX_NFQUEUE_FAIL_OPEN": "1" if self.srv.fail_open else "0",
             },
         )
+        nicenessify(-10, self.process.pid)
         line_fut = self.process.stdout.readuntil()
         try:
             line_fut = await asyncio.wait_for(line_fut, timeout=3)

backend/utils/__init__.py

@@ -207,3 +207,12 @@ def register_event(sio_server: AsyncServer, event_name: str, model: BaseModel, r
         return wrapper
     return decorator
 
+def nicenessify(priority:int, pid:int|None=None):
+    try:
+        pid = os.getpid() if pid is None else pid
+        ps = psutil.Process(pid)
+        if os.name == 'posix':
+            ps.nice(priority)
+    except Exception as e:
+        print(f"Error setting priority: {e} {traceback.format_exc()}")
+        pass