qemu: Only raise memlock limit if necessary

Attempting to set the memlock limit might fail if we're running
in a containerized environment where CAP_SYS_RESOURCE is not
available, and if the limit is already high enough there's no
point in trying to raise it anyway.

https://bugzilla.redhat.com/show_bug.cgi?id=1916346

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index e314613a1c50f7dbf8f7c1eee9c78ff041d81449..718637156a29d64f0e2b3d0556673558d702af4d 100644 (file)
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -9351,11 +9351,20 @@ qemuDomainAdjustMaxMemLock(virDomainObjPtr vm,
         return -1;
 
     if (desiredMemLock > 0) {
-        /* If this is the first time adjusting the limit, save the current
-         * value so that we can restore it once memory locking is no longer
-         * required */
-        if (vm->originalMemlock == 0) {
-            vm->originalMemlock = currentMemLock;
+        if (currentMemLock < desiredMemLock) {
+            /* If this is the first time adjusting the limit, save the current
+             * value so that we can restore it once memory locking is no longer
+             * required */
+            if (vm->originalMemlock == 0) {
+                vm->originalMemlock = currentMemLock;
+            }
+        } else {
+            /* If the limit is already high enough, we can assume
+             * that some external process is taking care of managing
+             * process limits and we shouldn't do anything ourselves:
+             * we're probably running in a containerized environment
+             * where we don't have enough privilege anyway */
+            desiredMemLock = 0;
         }
     } else {
         /* Once memory locking is no longer required, we can restore the