From 5eef4db853e17753a7ccb8fffdf4be6d992ae23a Mon Sep 17 00:00:00 2001
From: John Kacur <jkacur@redhat.com>
Date: Tue, 19 May 2026 16:11:58 -0400
Subject: [PATCH] Print warning if setting affinity results in EPERM and
 continue

Resolves: RHEL-174266
Signed-off-by: John Kacur <jkacur@redhat.com>
---
 ...ng-if-setting-affinity-results-in-EP.patch | 41 +++++++++++++++++++
 tuna.spec                                     |  7 +++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 tuna-Print-warning-if-setting-affinity-results-in-EP.patch

diff --git a/tuna-Print-warning-if-setting-affinity-results-in-EP.patch b/tuna-Print-warning-if-setting-affinity-results-in-EP.patch
new file mode 100644
index 0000000..07da5bb
--- /dev/null
+++ b/tuna-Print-warning-if-setting-affinity-results-in-EP.patch
@@ -0,0 +1,41 @@
+From 625edd878154bdf1d320c8a873e82899dcd5c97e Mon Sep 17 00:00:00 2001
+From: John Kacur <jkacur@redhat.com>
+Date: Wed, 6 May 2026 11:49:13 -0400
+Subject: [PATCH] tuna: Print warning if setting affinity results in EPERM and
+ continue
+
+When trying to isolate a CPU, if setting the affinity on a process fails
+with EPERM (Operation not permitted), this can occur due to security
+restrictions, namespace isolation, or lack of capabilities.
+
+This is commonly seen with PID 1 (systemd/init) even when running as root,
+particularly when using 'su -c' which may not grant full capabilities, or
+when SELinux/AppArmor policies restrict the operation.
+
+tuna should print a warning that this pid could not be moved, and continue
+processing other processes, similar to how EBUSY errors are handled.
+
+Assisted-by: Claude Sonnet 4.5 <noreply@anthropic.com>
+Signed-off-by: John Kacur <jkacur@redhat.com>
+---
+ tuna/tuna.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/tuna/tuna.py b/tuna/tuna.py
+index ef60c033362d..8e57cddd0c13 100755
+--- a/tuna/tuna.py
++++ b/tuna/tuna.py
+@@ -370,6 +370,10 @@ def isolate_cpus(cpus, nr_cpus):
+                     comm = ps[pid].stat["comm"]
+                     print(f'Warning: Unable to isolate pid {pid} [{comm}]')
+                     continue
++                if err.args[0] == errno.EPERM:
++                    comm = ps[pid].stat["comm"]
++                    print(f'Warning: Unable to isolate pid {pid} [{comm}]')
++                    continue
+                 raise err
+ 
+         if "threads" not in ps[pid]:
+-- 
+2.54.0
+
diff --git a/tuna.spec b/tuna.spec
index 4c77417..2044a41 100644
--- a/tuna.spec
+++ b/tuna.spec
@@ -2,7 +2,7 @@
 
 Name: tuna
 Version: 0.20
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPL-2.0-only AND LGPL-2.1-only
 Summary: Application tuning GUI & command line utility
 Source: https://www.kernel.org/pub/software/utils/%{name}/%{name}-%{version}.tar.xz
@@ -20,6 +20,7 @@ BuildRequires: gettext
 # Patches
 Patch1: tuna-Disable-the-tuna-apply-functionality.patch
 Patch2: tuna-Remove-tuna-apply-from-the-man-page.patch
+Patch3: tuna-Print-warning-if-setting-affinity-results-in-EP.patch
 
 %description
 Provides interface for changing scheduler and IRQ tunables, at whole CPU and at
@@ -84,6 +85,10 @@ done
 %{_datadir}/polkit-1/actions/org.tuna.policy
 
 %changelog
+* Tue May 19 2026 John Kacur <jkacur@redhat.com> - 0.20-5
+- Print warning if setting affinity results in EPERM and continue
+Resolves: RHEL-174266
+
 * Mon Jan 12 2026 John Kacur <jkacur@redhat.com> - 0.20-4
 - Disable tuna apply
 Resolves: RHEL-140840