Add ppc64 kvm memlock file (bz 1293024)

2016-10-19 12:23:45 -04:00 · 2016-10-19 12:23:45 -04:00 · d19693d908
parent 8dd6b5e9c8
commit d19693d908
2 changed files with 20 additions and 0 deletions
--- a/95-kvm-ppc64-memlock.conf
+++ b/95-kvm-ppc64-memlock.conf
@ -0,0 +1,12 @@
+# The KVM HV implementation on Power can require a significant amount
+# of unswappable memory (about half of which also needs to be host
+# physically contiguous) to hold the guest's Hash Page Table (HPT) -
+# roughly 1/64th of the guest's RAM size, minimum 16MiB.
+#
+# These limits allow unprivileged users to start smallish VMs, such as
+# those used by libguestfs.
+#
+# https://bugzilla.redhat.com/show_bug.cgi?id=1293024
+#
+*	hard	memlock		65536
+*	soft	memlock		65536
--- a/qemu.spec
+++ b/qemu.spec
@ -99,6 +99,8 @@ Source13: qemu-kvm.sh
 Source20: kvm.conf
 # /etc/sysctl.d/50-kvm-s390x.conf
 Source21: 50-kvm-s390x.conf
+# /etc/security/limits.d/95-kvm-ppc64-memlock.conf
+Source22: 95-kvm-ppc64-memlock.conf

 # CVE-2016-7155: pvscsi: OOB read and infinite loop (bz #1373463)
 Patch0001: 0001-vmw_pvscsi-check-page-count-while-initialising-descr.patch
@ -881,6 +883,11 @@ install -d %{buildroot}%{_sysconfdir}/sysctl.d
 install -m 0644 %{_sourcedir}/50-kvm-s390x.conf %{buildroot}%{_sysconfdir}/sysctl.d
 %endif

+%ifarch %{power64}
+install -d %{buildroot}%{_sysconfdir}/security/limits.d
+install -m 0644 %{_sourcedir}/50-kvm-ppc64-memlock.conf %{buildroot}%{_sysconfdir}/security/limits.d
+%endif
+

 # Install kvm specific bits
 %if %{have_kvm}
@ -1552,6 +1559,7 @@ getent passwd qemu >/dev/null || \
 %{_datadir}/%{name}/u-boot.e500
 %ifarch %{power64}
 %{?kvm_files:}
+%{_sysconfdir}/security/limits.d/95-kvm-ppc64-memlock.conf
 %endif