test-bpf-firewall: do not mlock() a large amount of memory
64MB is not that much, but let's not be greedy, esp. because we may run many things in parallel. Also, rlim_cur should never be higher than rlim_max, so let's simplify our code.
This commit is contained in:
parent
d3472f9b50
commit
ee19c80733
|
@ -16,8 +16,8 @@
|
|||
#include "unit.h"
|
||||
#include "virt.h"
|
||||
|
||||
/* We use the same limit here that PID 1 bumps RLIMIT_MEMLOCK to if it can */
|
||||
#define CAN_MEMLOCK_SIZE (64U*1024U*1024U)
|
||||
/* We use the small but non-trivial limit here */
|
||||
#define CAN_MEMLOCK_SIZE (512 * 1024U)
|
||||
|
||||
static bool can_memlock(void) {
|
||||
void *p;
|
||||
|
@ -64,7 +64,7 @@ int main(int argc, char *argv[]) {
|
|||
return log_tests_skipped("test-bpf-firewall fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
|
||||
|
||||
assert_se(getrlimit(RLIMIT_MEMLOCK, &rl) >= 0);
|
||||
rl.rlim_cur = rl.rlim_max = MAX3(rl.rlim_cur, rl.rlim_max, CAN_MEMLOCK_SIZE);
|
||||
rl.rlim_cur = rl.rlim_max = MAX(rl.rlim_max, CAN_MEMLOCK_SIZE);
|
||||
(void) setrlimit(RLIMIT_MEMLOCK, &rl);
|
||||
|
||||
if (!can_memlock())
|
||||
|
|
Loading…
Reference in New Issue