Attempting to set the memlock limit might fail if we're running
in a containerized environment where CAP_SYS_RESOURCE is not
available, and if the limit is already high enough there's no
point in trying to raise anyway.
https://bugzilla.redhat.com/show_bug.cgi?id=1916346
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
src/qemu/qemu_domain.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index f8b0e1a62a..560c73b560 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -9247,11 +9247,20 @@ qemuDomainAdjustMaxMemLock(virDomainObjPtr vm,
return -1;
if (desiredMemLock > 0) {
- /* If this is the first time adjusting the limit, save the current
- * value so that we can restore it once memory locking is no longer
- * required */
- if (vm->originalMemlock == 0) {
- vm->originalMemlock = currentMemLock;
+ if (currentMemLock < desiredMemLock) {
+ /* If this is the first time adjusting the limit, save the current
+ * value so that we can restore it once memory locking is no longer
+ * required */
+ if (vm->originalMemlock == 0) {
+ vm->originalMemlock = currentMemLock;
+ }
+ } else {
+ /* If the limit is already high enough, we can assume
+ * that some external process is taking care of managing
+ * process limits and we shouldn't do anything ourselves:
+ * we're probably running in a containerized environment
+ * where we don't have enough privilege anyway */
+ desiredMemLock = 0;
}
} else {
/* Once memory locking is no longer required, we can restore the
--
2.26.2