Demi Marie Obenour writes: > It only needs access to a small number of resources. Unfortunately, it > needs access to /dev/vfio right now. This should be fixed by using file > descriptor passing instead. Also, Cloud Hypervisor should not run as > root. > > Cloud Hypervisor needs to be able to lock memory. Running in a user > namespace prevents it from using CAP_IPC_LOCK. Therefore, it is > necessary to increase RLIMIT_MLOCK before running Cloud Hypervisor. > > Signed-off-by: Demi Marie Obenour > --- > host/rootfs/image/usr/bin/run-vmm | 33 ++++++++++++++++++++++++++++++++- > 1 file changed, 32 insertions(+), 1 deletion(-) > > diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm > index ba8b59c2677408acdd01c2eda3cf2dd60992d881..24c3d607bfcf6fea6196b61d2941141486d33fd6 100755 > --- a/host/rootfs/image/usr/bin/run-vmm > +++ b/host/rootfs/image/usr/bin/run-vmm > @@ -52,5 +52,36 @@ unexport ! > fdmove -c 3 0 > redirfd -r 0 /dev/null > > +s6-softlimit -H -l 18446744073709551615 My question about the limit from last time is still waiting for an answer…
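
Review bot: the added "s6-softlimit -H -l 18446744073709551615" line after "redirfd -r 0 /dev/null" hard-codes 2^64-1 with no comment explaining it. On 64-bit Linux that value is RLIM_INFINITY, so the locked-memory limit becomes unlimited rather than merely raised. Since the commit message says the goal is to narrow what Cloud Hypervisor can access, either add a comment stating that unlimited is intended and why, or bound the limit to what the guest actually needs to lock. The commit message also calls the resource RLIMIT_MLOCK; the Linux name is RLIMIT_MEMLOCK, which is worth correcting so the log is searchable.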