qemu: Enable unprivileged userfaultfd for post-copy migration

Userfaultfd is by default allowed only for privileged processes. Since
libvirt runs QEMU unprivileged, we need to enable unprivileged access to
userfaultfd to enable post-copy migration.

https://bugzilla.redhat.com/show_bug.cgi?id=1945420

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Jiri Denemark 2021-12-02 15:43:27 +01:00
parent 1ee3314c10
commit d804408ef9
3 changed files with 15 additions and 0 deletions

View File

@ -1859,6 +1859,7 @@ exit 0
%files daemon-driver-qemu
%config(noreplace) %{_sysconfdir}/sysconfig/virtqemud
%config(noreplace) %{_sysconfdir}/libvirt/virtqemud.conf
%config(noreplace) %{_prefix}/lib/sysctl.d/60-qemu-postcopy-migration.conf
%{_datadir}/augeas/lenses/virtqemud.aug
%{_datadir}/augeas/lenses/tests/test_virtqemud.aug
%{_unitdir}/virtqemud.service

View File

@ -170,6 +170,14 @@ if conf.has('WITH_QEMU')
'file': files('virtqemud.sysconf'),
}
if conf.has('WITH_SYSCTL')
install_data(
'postcopy-migration.sysctl',
install_dir: prefix / 'lib' / 'sysctl.d',
rename: [ '60-qemu-postcopy-migration.conf' ],
)
endif
virt_install_dirs += [
localstatedir / 'lib' / 'libvirt' / 'qemu',
runstatedir / 'libvirt' / 'qemu',

View File

@ -0,0 +1,6 @@
# This is needed to support post-copy migration for QEMU run by libvirt,
# i.e., unprivileged, as userfaultfd is by default only available to
# privileged processes.
# It can be safely overridden by a file in /etc/sysctl.d/ in case post-copy
# migration is not used on the host.
vm.unprivileged_userfaultfd = 1