util-ebpf: add call to remove memlock limit

Without that, user has to use ulimit to be able to load the eBPF
file.

diff --git a/src/util-ebpf.c b/src/util-ebpf.c
index 352f169cdd9bc874c8297ca774d2f5e91a988a7f..20922977bac593f7fa5f5c1cb97c110e60ec67dc 100644 (file)
--- a/src/util-ebpf.c
+++ b/src/util-ebpf.c
@@ -37,6 +37,9 @@
 
 #ifdef HAVE_PACKET_EBPF
 
+#include <sys/time.h>
+#include <sys/resource.h>
+
 #include "util-ebpf.h"
 #include "util-cpu.h"
 
@@ -100,6 +103,15 @@ int EBPFLoadFile(const char *path, const char * section, int *val, uint8_t flags
         return -1;
     }
 
+    /* Sending the eBPF code to the kernel requires a large amount of
+     * locked memory so we set it to unlimited to avoid a ENOPERM error */
+    struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
+    if (setrlimit(RLIMIT_MEMLOCK, &r) != 0) {
+        SCLogError(SC_ERR_MEM_ALLOC, "Unable to lock memory: %s (%d)",
+                   strerror(errno), errno);
+        return -1;
+    }
+
     bpfobj = bpf_object__open(path);
 
     if (libbpf_get_error(bpfobj)) {
@@ -137,8 +149,8 @@ int EBPFLoadFile(const char *path, const char * section, int *val, uint8_t flags
     if (err < 0) {
         if (err == -EPERM) {
             SCLogError(SC_ERR_MEM_ALLOC,
-                    "Permission issue when loading eBPF object try to "
-                    "increase memlock limit: %s (%d)",
+                    "Permission issue when loading eBPF object: "
+                    "%s (%d)",
                     strerror(err),
                     err);
         } else {