Re: [libvirt-users] RLIMIT_MEMLOCK in container environment
On Thu, Aug 22, 2019 at 2:24 AM Daniel P. Berrangé <berrange(a)redhat.com> wrote:
On Wed, Aug 21, 2019 at 01:37:21PM -0700, Ihar Hrachyshka wrote:
> Hi all,
>
> KubeVirt uses libvirtd to manage qemu VMs represented as Kubernetes
> API resources. In this case, libvirtd is running inside an
> unprivileged pod, with some host mounts / capabilities added to the
> pod, needed by libvirtd and other services.
>
> One of the capabilities libvirtd requires for successful startup
> inside a pod is SYS_RESOURCE. This capability is used to adjust
> RLIMIT_MEMLOCK ulimit value depending on devices attached to the
> managed guest, both on startup and during hotplug. AFAIU the need to
> lock the memory is to avoid pages being pushed out from RAM into swap.
Libvirt shouldn't set RLIMIT_MEMLOCK by default, unless there's
something in the XML that requires it - one of
You are right, sorry. We add SYS_RESOURCE only for particular domains.
- hard limit memory value is present
- host PCI device passthrough is requested
We are using passthrough to pass SR-IOV NIC VFs into guests. We also
plan to do the same for GPUs in the near future.
- memory is locked into RAM
which of these are you actually using ?
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|