If running libvirtd via systemd, it gets a 64 MB memlock limit, but if running from the shell it will only get 64 KB on a Fedora 33 system. The latter low limit causes any attempt to use BPF to fail and it is not obvious why. This improves the error message thus: # virsh -c lxc:/// start sh error: Failed to start domain 'sh' error: internal error: guest failed to start: Failure in libvirt_lxc startup: failed to initialize device BPF map; locked memory limit for libvirtd probably needs to be raised: Operation not permitted Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- src/util/vircgroupv2devices.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c index 71591be4c4..4bcc1d52fe 100644 --- a/src/util/vircgroupv2devices.c +++ b/src/util/vircgroupv2devices.c @@ -443,9 +443,17 @@ virCgroupV2DevicesCreateMap(size_t size) sizeof(uint32_t), size); if (mapfd < 0) { - virReportSystemError(errno, "%s", - _("failed to initialize device BPF map")); - return -1; + if (errno == EPERM) { + virReportSystemError(errno, "%s", + _("failed to initialize device BPF map; " + "locked memory limit for libvirtd probably " + "needs to be raised")); + return -1; + } else { + virReportSystemError(errno, "%s", + _("failed to initialize device BPF map")); + return -1; + } } return mapfd; -- 2.30.2
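Review bot: In the `if (mapfd < 0)` block of virCgroupV2DevicesCreateMap(), the two branches differ only in the message string, yet each repeats the virReportSystemError() call and `return -1;`, and the `else` follows a branch that already returns. Consider keeping the `errno == EPERM` case as a plain `if` that reports and returns, then letting the original report and `return -1;` follow unconditionally, or selecting the message first and reporting once. The hint is also chosen on `errno == EPERM` alone, so every EPERM from map creation will carry the memlock advice; "probably" hedges that in the user-facing text, but a short code comment above the check tying EPERM to the locked memory limit (the 64 KB shell versus 64 MB systemd case from the commit message) would tell the next reader why this errno is singled out.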