[libvirt PATCH 06/11] systemd: Introduce systemd_service_limitmemlock_extra

Andrea Bolognani abologna at redhat.com
Mon Oct 2 08:51:21 UTC 2023


Signed-off-by: Andrea Bolognani <abologna at redhat.com>
---
 src/ch/meson.build                                          | 1 +
 src/ch/virtchd.service.extra.in                             | 6 ------
 src/lxc/meson.build                                         | 1 +
 src/lxc/virtlxcd.service.extra.in                           | 6 ------
 src/meson.build                                             | 1 +
 src/qemu/meson.build                                        | 1 +
 src/qemu/virtqemud.service.extra.in                         | 6 ------
 src/remote/libvirtd.service.in                              | 6 ------
 src/remote/meson.build                                      | 1 +
 ...service.extra.in => virtd.service.limitmemlock.extra.in} | 6 ------
 10 files changed, 5 insertions(+), 30 deletions(-)
 copy src/{ch/virtchd.service.extra.in => virtd.service.limitmemlock.extra.in} (75%)

diff --git a/src/ch/meson.build b/src/ch/meson.build
index 9eecf8c27f..29e76b6938 100644
--- a/src/ch/meson.build
+++ b/src/ch/meson.build
@@ -62,6 +62,7 @@ if conf.has('WITH_CH')
       files('virtchd.service.extra.in'),
       systemd_service_limitnofile_extra_in,
       systemd_service_taskmax_extra_in,
+      systemd_service_limitmemlock_extra_in,
     ],
   }
 
diff --git a/src/ch/virtchd.service.extra.in b/src/ch/virtchd.service.extra.in
index 38d820c1af..3655c51130 100644
--- a/src/ch/virtchd.service.extra.in
+++ b/src/ch/virtchd.service.extra.in
@@ -5,9 +5,3 @@ After=remote-fs.target
 
 [Service]
 KillMode=process
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices. In order to do that we create a eBPF
-# hash MAP which locks memory. The default map size for 64 devices together
-# with program takes 12k per guest. After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
diff --git a/src/lxc/meson.build b/src/lxc/meson.build
index fb1aedb5fc..044a38c918 100644
--- a/src/lxc/meson.build
+++ b/src/lxc/meson.build
@@ -169,6 +169,7 @@ if conf.has('WITH_LXC')
       files('virtlxcd.service.extra.in'),
       systemd_service_limitnofile_extra_in,
       systemd_service_taskmax_extra_in,
+      systemd_service_limitmemlock_extra_in,
     ],
   }
 
diff --git a/src/lxc/virtlxcd.service.extra.in b/src/lxc/virtlxcd.service.extra.in
index 38d820c1af..3655c51130 100644
--- a/src/lxc/virtlxcd.service.extra.in
+++ b/src/lxc/virtlxcd.service.extra.in
@@ -5,9 +5,3 @@ After=remote-fs.target
 
 [Service]
 KillMode=process
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices. In order to do that we create a eBPF
-# hash MAP which locks memory. The default map size for 64 devices together
-# with program takes 12k per guest. After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
diff --git a/src/meson.build b/src/meson.build
index 37239fd969..611f05583d 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -196,6 +196,7 @@ guest_unit_files = []
 #   can be used in service_extra_in/socket_extra_in (see below)
 systemd_service_limitnofile_extra_in = files('virtd.service.limitnofile.extra.in')
 systemd_service_taskmax_extra_in = files('virtd.service.tasksmax.extra.in')
+systemd_service_limitmemlock_extra_in = files('virtd.service.limitmemlock.extra.in')
 
 # virt_daemon_units:
 #   generate libvirt daemon systemd unit files
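Review bot: The new `systemd_service_limitmemlock_extra_in` definition gives no hint of what the fragment sets or which daemons need it, and after this patch the rationale that used to sit beside `LimitMEMLOCK=64M` in each unit is only visible by opening the fragment. A one-line comment above it, such as `# LimitMEMLOCK for daemons that set up eBPF device maps under cgroups v2`, would let a reader of the per-driver `service_extra_in` lists (the ch, lxc, qemu and remote hunks) see why the entry must stay. Dropping the entry from one of those lists would presumably leave that daemon on the default memlock limit without any build error, so the dependency is worth stating where the variable is defined. The comment block that introduces these variables starts above the hunk.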
diff --git a/src/qemu/meson.build b/src/qemu/meson.build
index b28089aa06..167ed849ea 100644
--- a/src/qemu/meson.build
+++ b/src/qemu/meson.build
@@ -188,6 +188,7 @@ if conf.has('WITH_QEMU')
       files('virtqemud.service.extra.in'),
       systemd_service_limitnofile_extra_in,
       systemd_service_taskmax_extra_in,
+      systemd_service_limitmemlock_extra_in,
     ],
   }
 
diff --git a/src/qemu/virtqemud.service.extra.in b/src/qemu/virtqemud.service.extra.in
index 164f672c08..32aba8be9c 100644
--- a/src/qemu/virtqemud.service.extra.in
+++ b/src/qemu/virtqemud.service.extra.in
@@ -9,12 +9,6 @@ After=remote-fs.target
 
 [Service]
 KillMode=process
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices. In order to do that we create a eBPF
-# hash MAP which locks memory. The default map size for 64 devices together
-# with program takes 12k per guest. After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
 
 [Install]
 Also=virtlogd.socket
diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
index 900b734f82..250b4a6fc3 100644
--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
@@ -33,12 +33,6 @@ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices.  In order to do that we create a eBPF
-# hash MAP which locks memory.  The default map size for 64 devices together
-# with program takes 12k per guest.  After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
 
 [Install]
 WantedBy=multi-user.target
diff --git a/src/remote/meson.build b/src/remote/meson.build
index 898131424f..8b81a813f2 100644
--- a/src/remote/meson.build
+++ b/src/remote/meson.build
@@ -194,6 +194,7 @@ if conf.has('WITH_REMOTE')
       'service_extra_in': [
         systemd_service_limitnofile_extra_in,
         systemd_service_taskmax_extra_in,
+        systemd_service_limitmemlock_extra_in,
       ],
       'name': 'legacy monolithic',
       'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ],
diff --git a/src/ch/virtchd.service.extra.in b/src/virtd.service.limitmemlock.extra.in
similarity index 75%
copy from src/ch/virtchd.service.extra.in
copy to src/virtd.service.limitmemlock.extra.in
index 38d820c1af..3534b5ea48 100644
--- a/src/ch/virtchd.service.extra.in
+++ b/src/virtd.service.limitmemlock.extra.in
@@ -1,10 +1,4 @@
-[Unit]
-Wants=systemd-machined.service
-After=systemd-machined.service
-After=remote-fs.target
-
 [Service]
-KillMode=process
 # With cgroups v2 there is no devices controller anymore, we have to use
 # eBPF to control access to devices. In order to do that we create a eBPF
 # hash MAP which locks memory. The default map size for 64 devices together
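Review bot: The rationale comment was written when it lived in a single daemon's unit, and in this shared fragment it does not say that the limit now applies to every daemon listing `systemd_service_limitmemlock_extra_in` (libvirtd, virtqemud, virtlxcd and virtchd in this patch). A leading line such as `# Shared by all daemons that control device access via eBPF under cgroups v2` would make it clear that editing the value changes the locked-memory ceiling of all of them at once. Since the text is being moved anyway, "a eBPF" could become "an eBPF". The hunk shows only the first four lines of the new file; the rest of the comment and the `LimitMEMLOCK=64M` line lie outside it and are presumably carried over unchanged from the copy source.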
-- 
2.41.0


