From nobody Mon Feb  9 19:53:28 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 63.128.21.124 as permitted sender) client-ip=63.128.21.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1614971829; cv=none;
	d=zohomail.com; s=zohoarc;
	b=LJ3fRUm1Q8ZZhLEkgLHk28kUm9zcLFby+wRGqvn8IuV8aEpd6u3QA44D6vOC8RvAPNh6FKfOy1jAEix65uJDE7DqMu10pCGUXOfuzXfkaGNJ5zsgtdnCjK2j/3bCo/3IA1DWCrzrwOd6nB7bA92fSq5FRFhqMB+iBvotSvbH+/M=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1614971829;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=yoMrQW7+a8ZHI3uZ0+uoSPSB/RJi3nJ6HXAs1uNa55c=;
	b=eCvuSBik4FP7cpNmjKgfqVEDA+TfdkA7b4COYdg/kOV+xL+SAYJJPSlVV3yx9nZsVNzFRvJE0cj6XS4Wq6A+g3DUbZAbIdXgJECPprUPwgyBOakG9XCMFb1FMWvn4c62gS3H6GbBQEbKbk8rduCbkmqpgQJEH5bcIQ4q/Z86Vvw=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<abologna@redhat.com> (p=none dis=none)
 header.from=<abologna@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mx.zohomail.com
	with SMTPS id 1614971829806287.09301062251006;
 Fri, 5 Mar 2021 11:17:09 -0800 (PST)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-580-gWAhzkPQOwilvEsmEfy7_w-1; Fri, 05 Mar 2021 14:15:33 -0500
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
 [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9ACF51084D83;
	Fri,  5 Mar 2021 19:15:26 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 7075919D7D;
	Fri,  5 Mar 2021 19:15:26 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3611957DCB;
	Fri,  5 Mar 2021 19:15:26 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
	[10.5.11.15])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 125JEVXx001893 for <libvir-list@listman.util.phx.redhat.com>;
	Fri, 5 Mar 2021 14:14:31 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 0D68D5D719; Fri,  5 Mar 2021 19:14:31 +0000 (UTC)
Received: from harajuku.usersys.redhat.com (unknown [10.40.194.220])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 64FB65D6DC
	for <libvir-list@redhat.com>; Fri,  5 Mar 2021 19:14:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1614971828;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=yoMrQW7+a8ZHI3uZ0+uoSPSB/RJi3nJ6HXAs1uNa55c=;
	b=fr1m8B7yvGJXkh/0LJFPZ7x0nQ/VWJBFJyQcdEao3P0IVxdLwiTsKQJCKY+U77anAui78R
	JEJ+hEF8uA/B0mECWl00o1+4q6zELt3PeWAiUSvlrd9lBer5os1JK8sPcU2JCyPlMxV0Dk
	3hMoIGe/Uuk0oPZRvNYhjLD3r6huFDE=
X-MC-Unique: gWAhzkPQOwilvEsmEfy7_w-1
From: Andrea Bolognani <abologna@redhat.com>
To: libvir-list@redhat.com
Subject: [libvirt PATCH 15/17] qemu: Add external_limit_manager config knob
Date: Fri,  5 Mar 2021 20:14:02 +0100
Message-Id: <20210305191404.529903-16-abologna@redhat.com>
In-Reply-To: <20210305191404.529903-1-abologna@redhat.com>
References: <20210305191404.529903-1-abologna@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-loop: libvir-list@redhat.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
Content-Type: text/plain; charset="utf-8"

This will be useful when libvirtd is running in a containerized
environment with limited capabilities, and in order to make
things like VFIO device assignment still work an external
privileged process changes the limits from outside of the
container. KubeVirt is an example of this setup.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 src/qemu/libvirtd_qemu.aug         |  1 +
 src/qemu/qemu.conf                 | 12 ++++++++++++
 src/qemu/qemu_conf.c               |  4 ++++
 src/qemu/qemu_conf.h               |  1 +
 src/qemu/test_libvirtd_qemu.aug.in |  1 +
 5 files changed, 19 insertions(+)

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 3c1045858b..f1b024a37f 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -104,6 +104,7 @@ module Libvirtd_qemu =3D
                  | str_entry "slirp_helper"
                  | str_entry "dbus_daemon"
                  | bool_entry "set_process_name"
+                 | bool_entry "external_limit_manager"
                  | int_entry "max_processes"
                  | int_entry "max_files"
                  | limits_entry "max_core"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 0c1054f198..15cbc3ba38 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -662,6 +662,18 @@
 #
 #set_process_name =3D 1
=20
+# If enabled, libvirt will not attempt to change process limits (as
+# configured with the max_processes, max_files and max_core settings
+# below) itself but will instead expect an external entity to perform
+# this task.
+#
+# This also applies to the memory locking limit, which cannot be
+# configured here and is instead calculated dynamically based on the
+# exact guest configuration: if an external limit manager is in use,
+# then libvirt will merely check that the limit has been set
+# appropriately.
+#
+#external_limit_manager =3D 1
=20
 # If max_processes is set to a positive integer, libvirt will use
 # it to set the maximum number of processes that can be run by qemu
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 2bbc75024c..ee95c124dd 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -673,6 +673,10 @@ virQEMUDriverConfigLoadProcessEntry(virQEMUDriverConfi=
gPtr cfg,
=20
     if (virConfGetValueBool(conf, "set_process_name", &cfg->setProcessName=
) < 0)
         return -1;
+
+    if (virConfGetValueBool(conf, "external_limit_manager", &cfg->external=
LimitManager) < 0)
+        return -1;
+
     if (virConfGetValueUInt(conf, "max_processes", &cfg->maxProcesses) < 0)
         return -1;
     if (virConfGetValueUInt(conf, "max_files", &cfg->maxFiles) < 0)
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 7025b5222e..15e0353253 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -176,6 +176,7 @@ struct _virQEMUDriverConfig {
     bool nogfxAllowHostAudio;
     bool setProcessName;
=20
+    bool externalLimitManager;
     unsigned int maxProcesses;
     unsigned int maxFiles;
     unsigned int maxThreadsPerProc;
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe=
mu.aug.in
index 9310dcec1c..73be55febe 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -77,6 +77,7 @@ module Test_libvirtd_qemu =3D
 { "hugetlbfs_mount" =3D "/dev/hugepages" }
 { "bridge_helper" =3D "/usr/libexec/qemu-bridge-helper" }
 { "set_process_name" =3D "1" }
+{ "external_limit_manager" =3D "1" }
 { "max_processes" =3D "0" }
 { "max_files" =3D "0" }
 { "max_threads_per_process" =3D "0" }
--=20
2.26.2