systemd: Introduce systemd_service_limitmemlock_extra_in

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/ch/meson.build b/src/ch/meson.build
index 65215f1cb021b9178f5c85dbf0f7c62607682d8e..95e78307abc614cdb713b84b49bc6a220e9b19e5 100644 (file)
--- a/src/ch/meson.build
+++ b/src/ch/meson.build
@@ -64,6 +64,7 @@ if conf.has('WITH_CH')
       files('virtchd.service.extra.in'),
       systemd_service_limitnofile_extra_in,
       systemd_service_tasksmax_extra_in,
+      systemd_service_limitmemlock_extra_in,
     ],
   }
 

diff --git a/src/ch/virtchd.service.extra.in b/src/ch/virtchd.service.extra.in
index 38d820c1afaf92ef950b461e15c12be4a8badf7d..3655c511306b5c704bb2f78d18d060b4ae8b3a08 100644 (file)
--- a/src/ch/virtchd.service.extra.in
+++ b/src/ch/virtchd.service.extra.in
@@ -5,9 +5,3 @@ After=remote-fs.target
 
 [Service]
 KillMode=process
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices. In order to do that we create a eBPF
-# hash MAP which locks memory. The default map size for 64 devices together
-# with program takes 12k per guest. After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M

diff --git a/src/lxc/meson.build b/src/lxc/meson.build
index 338be79f7c894407a8b8b214fc3d350d51a5814d..977a1f0dbe8904ff0fc93e79ea2fc2dcab336e60 100644 (file)
--- a/src/lxc/meson.build
+++ b/src/lxc/meson.build
@@ -169,6 +169,7 @@ if conf.has('WITH_LXC')
       files('virtlxcd.service.extra.in'),
       systemd_service_limitnofile_extra_in,
       systemd_service_tasksmax_extra_in,
+      systemd_service_limitmemlock_extra_in,
     ],
   }
 

diff --git a/src/lxc/virtlxcd.service.extra.in b/src/lxc/virtlxcd.service.extra.in
index 38d820c1afaf92ef950b461e15c12be4a8badf7d..3655c511306b5c704bb2f78d18d060b4ae8b3a08 100644 (file)
--- a/src/lxc/virtlxcd.service.extra.in
+++ b/src/lxc/virtlxcd.service.extra.in
@@ -5,9 +5,3 @@ After=remote-fs.target
 
 [Service]
 KillMode=process
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices. In order to do that we create a eBPF
-# hash MAP which locks memory. The default map size for 64 devices together
-# with program takes 12k per guest. After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M

diff --git a/src/meson.build b/src/meson.build
index ee88c99987904ae23f8afc2495d4197e8f14e28a..28e4b83619546fd3e4e5487c8ac5f209e525bb64 100644 (file)
--- a/src/meson.build
+++ b/src/meson.build
@@ -196,6 +196,7 @@ guest_unit_files = []
 #   can be used in service_extra_in/socket_extra_in (see below)
 systemd_service_limitnofile_extra_in = files('virtd.service.limitnofile.extra.in')
 systemd_service_tasksmax_extra_in = files('virtd.service.tasksmax.extra.in')
+systemd_service_limitmemlock_extra_in = files('virtd.service.limitmemlock.extra.in')
 
 # virt_daemon_units:
 #   generate libvirt daemon systemd unit files

diff --git a/src/qemu/meson.build b/src/qemu/meson.build
index ee4c8ab5bf51bc1021f8274db2cde88afb026845..8cf2df36937cb9ca424836ade0e5e609ad2f56db 100644 (file)
--- a/src/qemu/meson.build
+++ b/src/qemu/meson.build
@@ -188,6 +188,7 @@ if conf.has('WITH_QEMU')
       files('virtqemud.service.extra.in'),
       systemd_service_limitnofile_extra_in,
       systemd_service_tasksmax_extra_in,
+      systemd_service_limitmemlock_extra_in,
     ],
   }
 

diff --git a/src/qemu/virtqemud.service.extra.in b/src/qemu/virtqemud.service.extra.in
index 164f672c08287044af17a43e64e6d391c8881dbd..32aba8be9c904e66c637f9b67bc27ab04987282a 100644 (file)
--- a/src/qemu/virtqemud.service.extra.in
+++ b/src/qemu/virtqemud.service.extra.in
@@ -9,12 +9,6 @@ After=remote-fs.target
 
 [Service]
 KillMode=process
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices. In order to do that we create a eBPF
-# hash MAP which locks memory. The default map size for 64 devices together
-# with program takes 12k per guest. After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
 
 [Install]
 Also=virtlogd.socket

diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
index 900b734f826da763f20956862244643e7f5998e5..250b4a6fc36b00d50598b8a88bc07d28734b3fd0 100644 (file)
--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
@@ -33,12 +33,6 @@ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices.  In order to do that we create a eBPF
-# hash MAP which locks memory.  The default map size for 64 devices together
-# with program takes 12k per guest.  After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
 
 [Install]
 WantedBy=multi-user.target

diff --git a/src/remote/meson.build b/src/remote/meson.build
index f9291099ab978fb68f16288c41d25a06046462a9..198a0ab26de21f51d95bedc8e522f5ac7fd41097 100644 (file)
--- a/src/remote/meson.build
+++ b/src/remote/meson.build
@@ -194,6 +194,7 @@ if conf.has('WITH_REMOTE')
       'service_extra_in': [
         systemd_service_limitnofile_extra_in,
         systemd_service_tasksmax_extra_in,
+        systemd_service_limitmemlock_extra_in,
       ],
       'name': 'legacy monolithic',
       'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ],

diff --git a/src/virtd.service.limitmemlock.extra.in b/src/virtd.service.limitmemlock.extra.in
new file mode 100644 (file)
index 0000000..3534b5e
--- /dev/null
+++ b/src/virtd.service.limitmemlock.extra.in
@@ -0,0 +1,7 @@
+[Service]
+# With cgroups v2 there is no devices controller anymore, we have to use
+# eBPF to control access to devices. In order to do that we create a eBPF
+# hash MAP which locks memory. The default map size for 64 devices together
+# with program takes 12k per guest. After rounding up we will get 64M to
+# support 4096 guests.
+LimitMEMLOCK=64M