On 12/6/25 12:29, Alyssa Ross wrote: > Demi Marie Obenour writes: > >> It only needs access to a small number of resources. Unfortunately, it >> needs access to /dev/vfio right now. This should be fixed by using file >> descriptor passing instead. Also, Cloud Hypervisor should not run as >> root. >> >> Cloud Hypervisor needs to be able to lock memory. Running in a user >> namespace prevents it from using CAP_IPC_LOCK. Therefore, it is >> necessary to increase RLIMIT_MLOCK before running Cloud Hypervisor. >> >> Signed-off-by: Demi Marie Obenour >> --- >> host/rootfs/image/usr/bin/run-vmm | 33 ++++++++++++++++++++++++++++++++- >> 1 file changed, 32 insertions(+), 1 deletion(-) >> >> diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm >> index ba8b59c2677408acdd01c2eda3cf2dd60992d881..24c3d607bfcf6fea6196b61d2941141486d33fd6 100755 >> --- a/host/rootfs/image/usr/bin/run-vmm >> +++ b/host/rootfs/image/usr/bin/run-vmm >> @@ -52,5 +52,36 @@ unexport ! >> fdmove -c 3 0 >> redirfd -r 0 /dev/null >> >> +s6-softlimit -H -l 18446744073709551615 > > My question about the limit from last time is still waiting for an > answer… Whoops, I saw that all the other patches had been applied and missed that this one hadn't been. -- Sincerely, Demi Marie Obenour (she/her/hers)