From fa56310e1868b3f2e2976824bd7bb0386af7234f Mon Sep 17 00:00:00 2001 From: =?utf8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 16 Mar 2021 17:04:24 +0000 Subject: [PATCH] util: tell users that memory locking ulimit is too low for BPF MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit If running libvirtd via systemd, it gets a 64 MB memlock limit, but if running from the shell it will only get 64 KB on a Fedora 33 system. The latter low limit causes any attempt to use BPF to fail and it is not obvious why. This improves the error message thus: # virsh -c lxc:/// start sh error: Failed to start domain 'sh' error: internal error: guest failed to start: Failure in libvirt_lxc startup: failed to initialize device BPF map; locked memory limit for libvirtd probably needs to be raised: Operation not permitted Reviewed-by: Pavel Hrdina Signed-off-by: Daniel P. Berrangé --- src/util/vircgroupv2devices.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c index 71591be4c4..4bcc1d52fe 100644 --- a/src/util/vircgroupv2devices.c +++ b/src/util/vircgroupv2devices.c @@ -443,9 +443,17 @@ virCgroupV2DevicesCreateMap(size_t size) sizeof(uint32_t), size); if (mapfd < 0) { - virReportSystemError(errno, "%s", - _("failed to initialize device BPF map")); - return -1; + if (errno == EPERM) { + virReportSystemError(errno, "%s", + _("failed to initialize device BPF map; " + "locked memory limit for libvirtd probably " + "needs to be raised")); + return -1; + } else { + virReportSystemError(errno, "%s", + _("failed to initialize device BPF map")); + return -1; + } } return mapfd; -- 2.47.2