util: tell users that memory locking ulimit is too low for BPF

If running libvirtd via systemd, it gets a 64 MB memlock limit, but if
running from the shell it will only get 64 KB on a Fedora 33 system.
The latter low limit causes any attempt to use BPF to fail and it is
not obvious why.

This improves the error message thus:

  # virsh -c lxc:/// start sh
error: Failed to start domain 'sh'
error: internal error: guest failed to start: Failure in libvirt_lxc startup: failed to initialize device BPF map; locked memory limit for libvirtd probably needs to be raised: Operation not permitted

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c
index 71591be4c46268b5590eeae1ae78725c887bc034..4bcc1d52fea2bf7337fceb889dd02f58b496aec3 100644 (file)
--- a/src/util/vircgroupv2devices.c
+++ b/src/util/vircgroupv2devices.c
@@ -443,9 +443,17 @@ virCgroupV2DevicesCreateMap(size_t size)
                                 sizeof(uint32_t), size);
 
     if (mapfd < 0) {
-        virReportSystemError(errno, "%s",
-                             _("failed to initialize device BPF map"));
-        return -1;
+        if (errno == EPERM) {
+            virReportSystemError(errno, "%s",
+                                 _("failed to initialize device BPF map; "
+                                   "locked memory limit for libvirtd probably "
+                                   "needs to be raised"));
+            return -1;
+        } else {
+            virReportSystemError(errno, "%s",
+                                 _("failed to initialize device BPF map"));
+            return -1;
+        }
     }
 
     return mapfd;