On Thu, Aug 22, 2019 at 2:24 AM Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote: > > On Wed, Aug 21, 2019 at 01:37:21PM -0700, Ihar Hrachyshka wrote: > > Hi all, > > > > KubeVirt uses libvirtd to manage qemu VMs represented as Kubernetes > > API resources. In this case, libvirtd is running inside an > > unprivileged pod, with some host mounts / capabilities added to the > > pod, needed by libvirtd and other services. > > > > One of the capabilities libvirtd requires for successful startup > > inside a pod is SYS_RESOURCE. This capability is used to adjust > > RLIMIT_MEMLOCK ulimit value depending on devices attached to the > > managed guest, both on startup and during hotplug. AFAIU the need to > > lock the memory is to avoid pages being pushed out from RAM into swap. > > Libvirt shouldn't set RLIMIT_MEMLOCK by default, unless there's > something in the XML that requires it - one of You are right, sorry. We add SYS_RESOURCE only for particular domains. > > - hard limit memory value is present > - host PCI device passthrough is requested We are using passthrough to pass SR-IOV NIC VFs into guests. We also plan to do the same for GPUs in the near future. > - memory is locked into RAM > > which of these are you actually using ? > > Regards, > Daniel > -- > |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| > |: https://libvirt.org -o- https://fstop138.berrange.com :| > |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
