Make max_clients in virtlockd configurable

Each new VM requires a new connection from libvirtd to virtlockd.
The default max clients limit in virtlockd of 20 is thus woefully
insufficient. virtlockd sockets are only accessible to matching
users, so there is no security need for such a tight limit. Make
it configurable and default to 1024.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

src/locking/lock_daemon.c

@@ -128,7 +128,7 @@ static void virLockDaemonLockSpaceDataFree(void *data,
 }
 
 static virLockDaemonPtr
-virLockDaemonNew(bool privileged)
+virLockDaemonNew(virLockDaemonConfigPtr config, bool privileged)
 {
     virLockDaemonPtr lockd;
 
@@ -142,7 +142,7 @@ virLockDaemonNew(bool privileged)
         return NULL;
     }
 
-    if (!(lockd->srv = virNetServerNew(1, 1, 0, 20,
+    if (!(lockd->srv = virNetServerNew(1, 1, 0, config->max_clients,
                                        -1, 0,
                                        false, NULL,
                                        virLockDaemonClientNew,
@@ -1335,7 +1335,7 @@ int main(int argc, char **argv) {
     /* rv == 1, means we setup everything from saved state,
      * so we only setup stuff from scratch if rv == 0 */
     if (rv == 0) {
-        if (!(lockDaemon = virLockDaemonNew(privileged))) {
+        if (!(lockDaemon = virLockDaemonNew(config, privileged))) {
             ret = VIR_LOCK_DAEMON_ERR_INIT;
             goto cleanup;
         }

src/locking/lock_daemon_config.c

@@ -114,6 +114,7 @@ virLockDaemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
         return NULL;
 
     data->log_buffer_size = 64;
+    data->max_clients = 1024;
 
     return data;
 }
@@ -139,6 +140,7 @@ virLockDaemonConfigLoadOptions(virLockDaemonConfigPtr data,
     GET_CONF_STR(conf, filename, log_filters);
     GET_CONF_STR(conf, filename, log_outputs);
     GET_CONF_INT(conf, filename, log_buffer_size);
+    GET_CONF_INT(conf, filename, max_clients);
 
     return 0;
 

src/locking/lock_daemon_config.h

@@ -34,6 +34,7 @@ struct _virLockDaemonConfig {
     char *log_filters;
     char *log_outputs;
     int log_buffer_size;
+    int max_clients;
 };
 
 

src/locking/virtlockd.aug

@@ -28,6 +28,7 @@ module Libvirtd =
                      | str_entry "log_filters"
                      | str_entry "log_outputs"
                      | int_entry "log_buffer_size"
+                     | int_entry "max_clients"
 
    (* Each enty in the config is one of the following three ... *)
    let entry = logging_entry

src/locking/virtlockd.conf

@@ -58,3 +58,10 @@
 # the default buffer size in kilobytes.
 # If value is 0 or less the debug log buffer is deactivated
 #log_buffer_size = 64
+
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+# Each running virtual machine will require one open connection
+# to virtlockd. So 'max_clients' will affect how many VMs can
+# be run on a host
+#max_clients = 1024