[libvirt] [PATCH] build: distribute tests/virfilecachedata
by Pavel Hrdina
Missed by 478f0c5b8575.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
Pushed under build-breaker rule.
tests/Makefile.am | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 8349bbec41..a7aa973746 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -147,6 +147,7 @@ EXTRA_DIST = \
vircgroupdata \
virconfdata \
virfiledata \
+ virfilecachedata \
virjsondata \
virmacmaptestdata \
virmock.h \
--
2.13.3
7 years, 5 months
[libvirt] [PATCH] tests: add virfilecachedata to EXTRA_DIST
by Daniel P. Berrange
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
Pushed as a build fix
tests/Makefile.am | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 8349bbec4..9a822f7d5 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -164,6 +164,7 @@ EXTRA_DIST = \
xml2sexprdata \
xml2vmxdata \
virstorageutildata \
+ virfilecachedata \
$(NULL)
test_helpers = commandhelper ssh
--
2.13.3
7 years, 5 months
[libvirt] [PATCH 0/2] Resolve linking issue of storage driver to apparmor helper
by Peter Krempa
Also drop support for building without loadable modules.
Peter Krempa (2):
make: Drop building without driver modules
security: apparmor: load the storage driver dynamically
daemon/Makefile.am | 57 ---------------
daemon/libvirtd.c | 54 +-------------
m4/virt-driver-modules.m4 | 24 +++----
src/Makefile.am | 160 +-----------------------------------------
src/driver.c | 8 +--
src/security/virt-aa-helper.c | 10 +--
src/storage/storage_backend.c | 11 +--
src/vbox/vbox_driver.c | 2 +-
src/vbox/vbox_driver.h | 6 +-
tests/Makefile.am | 6 --
tests/testutils.c | 2 -
tools/virsh.c | 3 -
12 files changed, 27 insertions(+), 316 deletions(-)
--
2.13.2
7 years, 5 months
[libvirt] [PATCH v2 0/3] properly handle '=' in the VNC socket path
by Pavel Hrdina
Pavel Hrdina (3):
qemu: capabilities: introduce QEMU_CAPS_VNC_MULTI_SERVERS
qemu: properly handle '=' in the VNC socket path
tests: add test case for new syntax of VNC unix path with '='
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 5 ++++-
tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml | 1 +
.../caps_2.6.0-gicv2.aarch64.xml | 1 +
.../caps_2.6.0-gicv3.aarch64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.6.0.ppc64le.xml | 1 +
tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.9.0.ppc64le.xml | 1 +
tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 1 +
...muxml2argv-graphics-vnc-socket-new-cmdline.args | 22 ++++++++++++++++++++++
...emuxml2argv-graphics-vnc-socket-new-cmdline.xml | 20 ++++++++++++++++++++
tests/qemuxml2argvtest.c | 2 ++
19 files changed, 64 insertions(+), 1 deletion(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-socket-new-cmdline.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-socket-new-cmdline.xml
--
2.13.3
7 years, 5 months
[libvirt] [PATCH v4] qemu: Check for existence of provided *_tls_x509_cert_dir
by John Ferlan
https://bugzilla.redhat.com/show_bug.cgi?id=1458630
Introduce virQEMUDriverConfigTLSDirResetDefaults in order to check
if the defaultTLSx509certdir was changed, then change the default
for any other *TLSx509certdir that was not set to the default default.
Introduce virQEMUDriverConfigValidate to validate the existence of
any of the *_tls_x509_cert_dir values that were uncommented/set,
incuding the default.
Update the qemu.conf description for default to describe the consequences
if the default directory path does not exist.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
v3: https://www.redhat.com/archives/libvir-list/2017-July/msg00915.html
Changes since v3 - rework even more based on code review.
src/qemu/qemu.conf | 8 ++++
src/qemu/qemu_conf.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++-
src/qemu/qemu_conf.h | 4 ++
src/qemu/qemu_driver.c | 3 ++
4 files changed, 119 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 1d81472..f977e3b 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -13,6 +13,14 @@
#
# dh-params.pem - the DH params configuration file
#
+# If the directory does not exist or contain the necessary files, QEMU
+# domains will fail to start if they are configured to use TLS.
+#
+# In order to overwrite the default path alter the following. This path
+# definition will be used as the default path for other *_tls_x509_cert_dir
+# configuration settings if their default path does not exist or is not
+# specifically set.
+#
#default_tls_x509_cert_dir = "/etc/pki/qemu"
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index c4714ed..1a4a998 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -425,6 +425,43 @@ virQEMUDriverConfigHugeTLBFSInit(virHugeTLBFSPtr hugetlbfs,
}
+/**
+ * @cfg: Just read config TLS values
+ *
+ * If the default_tls_x509_cert_dir was uncommented or changed from
+ * the default value assigned to the *_tls_x509_cert_dir values when
+ * virQEMUDriverConfigNew was executed, we need to check if we need
+ * to update the other defaults.
+ *
+ * Returns 0 on success, -1 on failure
+ */
+static int
+virQEMUDriverConfigTLSDirResetDefaults(virQEMUDriverConfigPtr cfg)
+{
+ /* Not changed or set to the default default, nothing to do */
+ if (!cfg->checkdefaultTLSx509certdir ||
+ STREQ(cfg->defaultTLSx509certdir, SYSCONFDIR "/pki/qemu"))
+ return 0;
+
+#define CHECK_RESET_CERT_DIR_DEFAULT(val) \
+ do { \
+ if (STREQ(cfg->val ## TLSx509certdir, SYSCONFDIR "/pki/qemu")) { \
+ VIR_FREE(cfg->val ## TLSx509certdir); \
+ if (VIR_STRDUP(cfg->val ## TLSx509certdir, \
+ cfg->defaultTLSx509certdir) < 0) \
+ return -1; \
+ } \
+ } while (0)
+
+ CHECK_RESET_CERT_DIR_DEFAULT(vnc);
+ CHECK_RESET_CERT_DIR_DEFAULT(spice);
+ CHECK_RESET_CERT_DIR_DEFAULT(chardev);
+ CHECK_RESET_CERT_DIR_DEFAULT(migrate);
+
+ return 0;
+}
+
+
int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
const char *filename,
bool privileged)
@@ -452,8 +489,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
if (!(conf = virConfReadFile(filename, 0)))
goto cleanup;
- if (virConfGetValueString(conf, "default_tls_x509_cert_dir", &cfg->defaultTLSx509certdir) < 0)
+ if ((rv = virConfGetValueString(conf, "default_tls_x509_cert_dir", &cfg->defaultTLSx509certdir)) < 0)
goto cleanup;
+ cfg->checkdefaultTLSx509certdir = (rv == 1);
if (virConfGetValueBool(conf, "default_tls_x509_verify", &cfg->defaultTLSx509verify) < 0)
goto cleanup;
if (virConfGetValueString(conf, "default_tls_x509_secret_uuid",
@@ -549,6 +587,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
#undef GET_CONFIG_TLS_CERTINFO
+ if (virQEMUDriverConfigTLSDirResetDefaults(cfg) < 0)
+ goto cleanup;
+
if (virConfGetValueUInt(conf, "remote_websocket_port_min", &cfg->webSocketPortMin) < 0)
goto cleanup;
if (cfg->webSocketPortMin < QEMU_WEBSOCKET_PORT_MIN) {
@@ -873,6 +914,68 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
return ret;
}
+
+/**
+ * @cfg: Recently read config values
+ *
+ * Validate the recently read configuration values.
+ *
+ * Returns 0 on success, -1 on failure
+ */
+int
+virQEMUDriverConfigValidate(virQEMUDriverConfigPtr cfg)
+{
+ /* If the default entry was uncommented, then validate existence */
+ if (cfg->checkdefaultTLSx509certdir) {
+ if (!virFileExists(cfg->defaultTLSx509certdir)) {
+ virReportError(VIR_ERR_CONF_SYNTAX,
+ _("default_tls_x509_cert_dir directory '%s' "
+ "does not exist"),
+ cfg->defaultTLSx509certdir);
+ return -1;
+ }
+ }
+
+ /* For each of the others - if the value is not to the default default
+ * then check if the directory exists (this may duplicate the check done
+ * during virQEMUDriverConfigNew).
+ */
+ if (STRNEQ(cfg->vncTLSx509certdir, SYSCONFDIR "/pki/qemu") &&
+ !virFileExists(cfg->vncTLSx509certdir)) {
+ virReportError(VIR_ERR_CONF_SYNTAX,
+ _("vnc_tls_x509_cert_dir directory '%s' does not exist"),
+ cfg->vncTLSx509certdir);
+ return -1;
+ }
+
+ if (STRNEQ(cfg->spiceTLSx509certdir, SYSCONFDIR "/pki/qemu") &&
+ !virFileExists(cfg->spiceTLSx509certdir)) {
+ virReportError(VIR_ERR_CONF_SYNTAX,
+ _("spice_tls_x509_cert_dir directory '%s' does not exist"),
+ cfg->spiceTLSx509certdir);
+ return -1;
+ }
+
+ if (STRNEQ(cfg->chardevTLSx509certdir, SYSCONFDIR "/pki/qemu") &&
+ !virFileExists(cfg->chardevTLSx509certdir)) {
+ virReportError(VIR_ERR_CONF_SYNTAX,
+ _("chardev_tls_x509_cert_dir directory '%s' does not exist"),
+ cfg->chardevTLSx509certdir);
+ return -1;
+ }
+
+ if (STRNEQ(cfg->migrateTLSx509certdir, SYSCONFDIR "/pki/qemu") &&
+ !virFileExists(cfg->migrateTLSx509certdir)) {
+ virReportError(VIR_ERR_CONF_SYNTAX,
+ _("migrate_tls_x509_cert_dir directory '%s' does not exist"),
+ cfg->migrateTLSx509certdir);
+ return -1;
+ }
+
+ return 0;
+}
+
+
virQEMUDriverConfigPtr virQEMUDriverGetConfig(virQEMUDriverPtr driver)
{
virQEMUDriverConfigPtr conf;
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 3013f24..d469b50 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -113,6 +113,7 @@ struct _virQEMUDriverConfig {
char *nvramDir;
char *defaultTLSx509certdir;
+ bool checkdefaultTLSx509certdir;
bool defaultTLSx509verify;
char *defaultTLSx509secretUUID;
@@ -302,6 +303,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
const char *filename,
bool privileged);
+int
+virQEMUDriverConfigValidate(virQEMUDriverConfigPtr cfg);
+
virQEMUDriverConfigPtr virQEMUDriverGetConfig(virQEMUDriverPtr driver);
bool virQEMUDriverIsPrivileged(virQEMUDriverPtr driver);
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index a423663..3ad71e6 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -667,6 +667,9 @@ qemuStateInitialize(bool privileged,
goto error;
VIR_FREE(driverConf);
+ if (virQEMUDriverConfigValidate(cfg) < 0)
+ goto error;
+
if (virFileMakePath(cfg->stateDir) < 0) {
virReportSystemError(errno, _("Failed to create state dir %s"),
cfg->stateDir);
--
2.9.4
7 years, 5 months
[libvirt] [PATCH] build: Distribute tests/{qemucpumock.c, testutilshostcpus.h}
by Martin Kletzander
Missed by 13554a9e7f4e.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
Pushed under the build-breaker rule.
tests/Makefile.am | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 562c1c77178e..11a380163177 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -560,7 +560,7 @@ libqemutestdriver_la_LDFLAGS = $(QEMULIB_LDFLAGS)
libqemutestdriver_la_LIBADD = $(qemu_LDADDS)
qemucpumock_la_SOURCES = \
- qemucpumock.c
+ qemucpumock.c testutilshostcpus.h
qemucpumock_la_CFLAGS = $(AM_CFLAGS)
qemucpumock_la_LDFLAGS = $(MOCKLIBS_LDFLAGS)
qemucpumock_la_LIBADD = $(MOCKLIBS_LIBS)
@@ -674,7 +674,7 @@ EXTRA_DIST += qemuxml2argvtest.c qemuxml2xmltest.c qemuargv2xmltest.c \
qemumonitorjsontest.c qemuhotplugtest.c \
qemuagenttest.c qemucapabilitiestest.c \
qemucaps2xmltest.c qemucommandutiltest.c \
- qemumemlocktest.c \
+ qemumemlocktest.c qemucpumock.c testutilshostcpus.h \
$(QEMUMONITORTESTUTILS_SOURCES)
endif ! WITH_QEMU
--
2.13.3
7 years, 5 months
[libvirt] [PATCH 00/16] Make the virNetworkObjPtr private
by John Ferlan
All part of the effort I have to have a common object model. This series
is network test, driver, and virnetworkobj related to work towards that
goal. By the last patch, the object is now private to virnetworkobj.c
John Ferlan (16):
test: Fix up formatting in network test API's
test: Use consistent variable names for network test driver APIs
network: Perform some formatting cleanup in bridge_driver
network: Use consistent naming in bridge_driver for virNetwork objects
network: Move macmap mgmt from bridge_driver to virnetworkobj
network: Add virNetworkObj Get/Set API's for @dnsmasqPid and @radvdPid
network: Alter virNetworkObj @class_id to be @classIdMap
network: Add virNetworkObj Get/Set API's for @floor_sum
network: Add virNetworkObj Get API's for @def and @newDef
network: Introduce virNetworkObj{Get|Set}Autostart
network: Introduce virNetworkObj{Is|Set}Active
network: Introduce virNetworkObjIsPersistent
network: Consistent use of @obj for virnetworkobj
network: Adjust virNetworkObjNew call and return
network: Modify naming for virNetworkObjList* fetching APIs
network: Privatize virNetworkObj
src/conf/virnetworkobj.c | 679 +++++++++++++++------
src/conf/virnetworkobj.h | 107 +++-
src/libvirt_private.syms | 20 +
src/network/bridge_driver.c | 1415 +++++++++++++++++++++++--------------------
src/network/bridge_driver.h | 50 +-
src/test/test_driver.c | 279 +++++----
tests/networkxml2conftest.c | 13 +-
7 files changed, 1538 insertions(+), 1025 deletions(-)
--
2.9.3
7 years, 5 months
[libvirt] [PATCH] docs: Add build timestamps to generated html/php pages
by Martin Kletzander
In order not to make the build even less reproducible, honour
SOURCE_DATE_EPOCH environment variable as specified:
https://reproducible-builds.org/specs/source-date-epoch/
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
docs/Makefile.am | 13 +++++++++----
docs/newapi.xsl | 2 ++
docs/page.xsl | 4 ++++
docs/site.xsl | 1 +
docs/subsite.xsl | 1 +
5 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/docs/Makefile.am b/docs/Makefile.am
index e32758f4aa36..67a945a334f3 100644
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -196,6 +196,8 @@ MAINTAINERCLEANFILES = \
$(addprefix $(srcdir)/,$(dot_php)) \
$(srcdir)/hvsupport.html.in $(srcdir)/aclperms.htmlinc
+timestamp="$(shell if test -n "$$SOURCE_DATE_EPOCH"; then date --date="@$$SOURCE_DATE_EPOCH"; else date; fi)"
+
all-am: web
api: $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml
@@ -255,7 +257,8 @@ MAINTAINERCLEANFILES += \
$(MKDIR_P) $$dir; \
style=subsite.xsl; \
fi; \
- $(XSLTPROC) --stringparam pagename $$name --nonet \
+ $(XSLTPROC) --stringparam pagename $$name \
+ --stringparam timestamp $(timestamp) --nonet \
$(top_srcdir)/docs/$$style $< > $@ \
|| { rm $@ && exit 1; }; fi
@@ -270,9 +273,10 @@ MAINTAINERCLEANFILES += \
else echo "missing XHTML1 DTD"; cat $< > $(srcdir)/$@ ; fi ; fi
%.php.tmp: %.php.in site.xsl page.xsl
- @if [ -x $(XSLTPROC) ] ; then \
+ if [ -x $(XSLTPROC) ] ; then \
echo "Generating $@"; \
- $(XSLTPROC) --stringparam pagename $(@:.tmp=) --nonet \
+ $(XSLTPROC) --stringparam pagename $(@:.tmp=) \
+ --stringparam timestamp $(timestamp) --nonet \
$(top_srcdir)/docs/site.xsl $< > $@ \
|| { rm $@ && exit 1; }; fi
@@ -289,6 +293,7 @@ html/index.html: libvirt-api.xml newapi.xsl page.xsl $(APIBUILD_STAMP)
$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
$(XSLTPROC) --nonet -o $(srcdir)/ \
--stringparam builddir '$(abs_top_builddir)' \
+ --stringparam timestamp $(timestamp) \
$(srcdir)/newapi.xsl $(srcdir)/libvirt-api.xml ; fi && \
if test -x $(XMLLINT) && test -x $(XMLCATALOG) ; then \
if $(XMLCATALOG) '$(XML_CATALOG_FILE)' "-//W3C//DTD XHTML 1.0 Strict//EN" \
@@ -299,7 +304,7 @@ html/index.html: libvirt-api.xml newapi.xsl page.xsl $(APIBUILD_STAMP)
$(addprefix $(srcdir)/,$(devhelphtml)): $(srcdir)/libvirt-api.xml $(devhelpxsl)
$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
- $(XSLTPROC) --nonet -o $(srcdir)/devhelp/ \
+ $(XSLTPROC) --stringparam timestamp $(timestamp) --nonet -o $(srcdir)/devhelp/ \
$(top_srcdir)/docs/devhelp/devhelp.xsl $(srcdir)/libvirt-api.xml ; fi
diff --git a/docs/newapi.xsl b/docs/newapi.xsl
index 9dd961507af4..d45bfc192d63 100644
--- a/docs/newapi.xsl
+++ b/docs/newapi.xsl
@@ -818,6 +818,7 @@
doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<xsl:apply-templates select="exsl:node-set($mainpage)" mode="page">
<xsl:with-param name="pagename" select="concat($htmldir, '/index.html')"/>
+ <xsl:with-param name="timestamp" select="$timestamp"/>
</xsl:apply-templates>
</xsl:document>
@@ -834,6 +835,7 @@
doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<xsl:apply-templates select="exsl:node-set($subpage)" mode="page">
<xsl:with-param name="pagename" select="concat($htmldir, '/libvirt-', @name, '.html')"/>
+ <xsl:with-param name="timestamp" select="$timestamp"/>
</xsl:apply-templates>
</xsl:document>
</xsl:for-each>
diff --git a/docs/page.xsl b/docs/page.xsl
index 1d662c670686..5d8e6e8263c3 100644
--- a/docs/page.xsl
+++ b/docs/page.xsl
@@ -75,11 +75,15 @@
<!-- This is the master page structure -->
<xsl:template match="/" mode="page">
<xsl:param name="pagename"/>
+ <xsl:param name="timestamp"/>
<html>
<xsl:comment>
This file is autogenerated from <xsl:value-of select="$pagename"/>.in
Do not edit this file. Changes will be lost.
</xsl:comment>
+ <xsl:comment>
+ This page was generated at <xsl:value-of select="$timestamp"/>.
+ </xsl:comment>
<head>
<link rel="stylesheet" type="text/css" href="{$href_base}main.css"/>
<link rel="SHORTCUT ICON" href="{$href_base}32favicon.png"/>
diff --git a/docs/site.xsl b/docs/site.xsl
index ce354c32fb59..b84630e39029 100644
--- a/docs/site.xsl
+++ b/docs/site.xsl
@@ -29,6 +29,7 @@
<xsl:template match="/">
<xsl:apply-templates select="." mode="page">
<xsl:with-param name="pagename" select="$pagename"/>
+ <xsl:with-param name="timestamp" select="$timestamp"/>
</xsl:apply-templates>
</xsl:template>
diff --git a/docs/subsite.xsl b/docs/subsite.xsl
index 108d0d83e509..6d2453f98e9c 100644
--- a/docs/subsite.xsl
+++ b/docs/subsite.xsl
@@ -19,6 +19,7 @@
<xsl:template match="/">
<xsl:apply-templates select="." mode="page">
<xsl:with-param name="pagename" select="$pagename"/>
+ <xsl:with-param name="timestamp" select="$timestamp"/>
</xsl:apply-templates>
</xsl:template>
--
2.13.3
7 years, 5 months
[libvirt] [PATCH] docs: Fix documentation related to memory locking
by Nitesh Konkar
Signed-off-by: Nitesh Konkar <nitkon12(a)linux.vnet.ibm.com>
---
docs/formatdomain.html.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index bceddd2..91195be 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -964,7 +964,7 @@
option opens up to a potential security risk: the host will be unable
to reclaim the locked memory back from the guest when it's running out
of memory, which means a malicious guest allocating large amounts of
- locked memory could cause a denial-of-service attach on the host.
+ locked memory could cause a denial-of-service attack on the host.
Because of this, using this option is discouraged unless your workload
demands it; even then, it's highly recommended to set an
<code>hard_limit</code> (see
--
2.9.4
7 years, 5 months