On Wed, Aug 21, 2019 at 01:37:21PM -0700, Ihar Hrachyshka wrote: > Hi all, > > KubeVirt uses libvirtd to manage qemu VMs represented as Kubernetes > API resources. In this case, libvirtd is running inside an > unprivileged pod, with some host mounts / capabilities added to the > pod, needed by libvirtd and other services. > > One of the capabilities libvirtd requires for successful startup > inside a pod is SYS_RESOURCE. This capability is used to adjust > RLIMIT_MEMLOCK ulimit value depending on devices attached to the > managed guest, both on startup and during hotplug. AFAIU the need to > lock the memory is to avoid pages being pushed out from RAM into swap. Libvirt shouldn't set RLIMIT_MEMLOCK by default, unless there's something in the XML that requires it - one of - hard limit memory value is present - host PCI device passthrough is requested - memory is locked into RAM which of these are you actually using ? Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
