If running libvirtd via systemd, it gets a 64 MB memlock limit, but if running from the shell it will only get 64 KB on a Fedora 33 system. The latter low limit causes any attempt to use BPF to fail and it is not obvious why. This improves the error message thus: # virsh -c lxc:/// start sh error: Failed to start domain 'sh' error: internal error: guest failed to start: Failure in libvirt_lxc startup: failed to initialize device BPF map; locked memory limit for libvirtd probably needs to be raised: Operation not permitted Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/util/vircgroupv2devices.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c index 71591be4c4..4bcc1d52fe 100644 --- a/src/util/vircgroupv2devices.c +++ b/src/util/vircgroupv2devices.c @@ -443,9 +443,17 @@ virCgroupV2DevicesCreateMap(size_t size) sizeof(uint32_t), size); if (mapfd < 0) { - virReportSystemError(errno, "%s", - _("failed to initialize device BPF map")); - return -1; + if (errno == EPERM) { + virReportSystemError(errno, "%s", + _("failed to initialize device BPF map; " + "locked memory limit for libvirtd probably " + "needs to be raised")); + return -1; + } else { + virReportSystemError(errno, "%s", + _("failed to initialize device BPF map")); + return -1; + } } return mapfd; -- 2.30.2