Userfaultfd is by default allowed only for privileged processes. Since
libvirt runs QEMU unprivileged, we need to enable unprivileged access to
userfaultfd to enable post-copy migration.
https://bugzilla.redhat.com/show_bug.cgi?id=
1945420
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
%files daemon-driver-qemu
%config(noreplace) %{_sysconfdir}/sysconfig/virtqemud
%config(noreplace) %{_sysconfdir}/libvirt/virtqemud.conf
+%config(noreplace) %{_prefix}/lib/sysctl.d/60-qemu-postcopy-migration.conf
%{_datadir}/augeas/lenses/virtqemud.aug
%{_datadir}/augeas/lenses/tests/test_virtqemud.aug
%{_unitdir}/virtqemud.service
'file': files('virtqemud.sysconf'),
}
+ if conf.has('WITH_SYSCTL')
+ install_data(
+ 'postcopy-migration.sysctl',
+ install_dir: prefix / 'lib' / 'sysctl.d',
+ rename: [ '60-qemu-postcopy-migration.conf' ],
+ )
+ endif
+
virt_install_dirs += [
localstatedir / 'lib' / 'libvirt' / 'qemu',
runstatedir / 'libvirt' / 'qemu',
--- /dev/null
+# This is needed to support post-copy migration for QEMU run by libvirt,
+# i.e., unprivileged, as userfaultfd is by default only available to
+# privileged processes.
+# It can be safely overridden by a file in /etc/sysctl.d/ in case post-copy
+# migration is not used on the host.
+vm.unprivileged_userfaultfd = 1
projects / thirdparty / libvirt.git / commitdiff
