picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

test-bpf-firewall: do not mlock() a large amount of memory 

64MB is not that much, but let's not be greedy, esp. because we may run
many things in parallel.

Also, rlim_cur should never be higher than rlim_max, so let's simplify our
code.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2019-11-08 12:03:23 +01:00
parent d3472f9b50
commit ee19c80733
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/test/test-bpf-firewall.c
View File

@ -16,8 +16,8 @@
#include "unit.h"
#include "virt.h"
/* We use the same limit here that PID 1 bumps RLIMIT_MEMLOCK to if it can */
#define CAN_MEMLOCK_SIZE (64U*1024U*1024U)
/* We use the small but non-trivial limit here */
#define CAN_MEMLOCK_SIZE (512 * 1024U)
static bool can_memlock(void) {
void *p;
@ -64,7 +64,7 @@ int main(int argc, char *argv[]) {
return log_tests_skipped("test-bpf-firewall fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
assert_se(getrlimit(RLIMIT_MEMLOCK, &rl) >= 0);
rl.rlim_cur = rl.rlim_max = MAX3(rl.rlim_cur, rl.rlim_max, CAN_MEMLOCK_SIZE);
rl.rlim_cur = rl.rlim_max = MAX(rl.rlim_max, CAN_MEMLOCK_SIZE);
(void) setrlimit(RLIMIT_MEMLOCK, &rl);
if (!can_memlock())