[Bug 1276719] [NEW] apparmor denies RLIMIT_MEMLOCK increase needed for VFIO passthrough
David Johnson
davijoh3 at cisco.com
Wed Feb 5 17:41:08 UTC 2014
Public bug reported:

When using VFIO for passthrough devices, all memory of the VM must be
locked.

libvirt tries to increase RLIMIT_MEMLOCK, however apparmor is denying
this:

example xml:

    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x03' slot='0x00' function='0x1'/>
      </source>
    </hostdev>

error message on start of VM:

    error: internal error: Process exited prior to exec: libvirt: error :
    cannot limit locked memory to 18253611008: Operation not permitted

apparmor log:

    kernel: [ 783.469784] type=1400 audit(1391620864.251:35):
    apparmor="DENIED" operation="capable" profile="/usr/sbin/libvirtd"
    pid=2106 comm="libvirtd" capability=24 capname="sys_resource"

strace of libvirtd shows:

    [pid 2934] setrlimit(RLIMIT_MEMLOCK, {rlim_cur=17825792*1024,
    rlim_max=17825792*1024}) = -1 EPERM (Operation not permitted)

testing with latest Trusty:

    ii libvirt-bin 1.2.1-0ubuntu5 amd64 programs for the libvirt library
    ii libvirt0 1.2.1-0ubuntu5 amd64 library for interfacing with different virtualization systems

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1276719
Title:
apparmor denies RLIMIT_MEMLOCK increase needed for VFIO passthrough
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1276719/+subscriptions
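
Added example, not part of the original report and not libvirt or AppArmor code: a Python parser that re-joins the wrapped denial record quoted in the report and extracts the profile, process and denied capability. `SAMPLE` is the report's log record embedded as constructed input, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed input: the denial record from the report, wrapped as in the mail.
SAMPLE = """\
kernel: [ 783.469784] type=1400 audit(1391620864.251:35):
apparmor="DENIED" operation="capable" profile="/usr/sbin/libvirtd"
pid=2106 comm="libvirtd" capability=24 capname="sys_resource"
"""

AUDIT_RE = re.compile(r"audit\((\d+)\.(\d+):(\d+)\)")   # audit(epoch.ms:serial)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')           # key=value or key="value"


def join_records(text):
    """Re-join records wrapped over several lines; a new record starts at 'audit('.
    Assumes the input holds only audit records (other lines would be appended)."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if AUDIT_RE.search(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def parse_record(record):
    """Return the key=value fields of one AppArmor audit record, or None."""
    stamp = AUDIT_RE.search(record)
    if not stamp:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(record)}
    if "apparmor" not in fields:
        return None
    fields["time"] = datetime.fromtimestamp(int(stamp.group(1)), tz=timezone.utc)
    fields["serial"] = int(stamp.group(3))
    return fields


def capability_denials(text):
    """List (profile, comm, pid, capname) for every denied capability check."""
    out = []
    for fields in filter(None, map(parse_record, join_records(text))):
        if fields["apparmor"] == "DENIED" and fields.get("operation") == "capable":
            out.append((fields["profile"], fields["comm"],
                        int(fields["pid"]), fields["capname"]))
    return out
```

The audit timestamp decodes to 2014-02-05 17:21:04 UTC, shortly before the report was sent, and the strace value `17825792*1024` equals the 18253611008 bytes named in the libvirt error.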