[libvirt] [PATCH] Raise default limit on number of processes for qemu user

[Jiri Denemark]

The daemon/libvirtd.limits file (which is supposed to be copied to
/etc/security/limits.d/libvirtd.conf) is generated based on --qemu-user
option passed at configure time.

The file is intentionally not installed by make install since installing
it on distributions with higher or no limit on number of process could
actually result in lowering the limit. Packagers may choose whether to
install the file or not. It is installed by libvirt.spec for RPM based
distributions.
---
 configure.ac              |    3 ++-
 daemon/libvirtd.limits.in |    6 ++++++
 libvirt.spec.in           |    7 +++++++
 src/qemu/qemu.conf        |    4 +++-
 4 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 daemon/libvirtd.limits.in

diff --git a/configure.ac b/configure.ac
index a58ee4e..d8002b4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2237,6 +2237,7 @@ AC_ARG_WITH([qemu-group],
   [QEMU_GROUP=root])
 AC_DEFINE_UNQUOTED([QEMU_USER], ["$QEMU_USER"], [QEMU user account])
 AC_DEFINE_UNQUOTED([QEMU_GROUP], ["$QEMU_GROUP"], [QEMU group account])
+AC_SUBST([QEMU_USER])
 
 
 AC_ARG_WITH([macvtap],
@@ -2344,7 +2345,7 @@ AC_OUTPUT(Makefile src/Makefile include/Makefile docs/Makefile \
           po/Makefile.in \
 	  include/libvirt/Makefile include/libvirt/libvirt.h \
 	  python/Makefile python/tests/Makefile \
-          daemon/Makefile \
+          daemon/Makefile daemon/libvirtd.limits \
           tools/Makefile \
           tests/Makefile \
           examples/apparmor/Makefile \
diff --git a/daemon/libvirtd.limits.in b/daemon/libvirtd.limits.in
new file mode 100644
index 0000000..7b580ae
--- /dev/null
+++ b/daemon/libvirtd.limits.in
@@ -0,0 +1,6 @@
+# /etc/security/limits.d/libvirtd.conf
+#
+# Increase default limit for number of processes owned by qemu-user
+# Also see @sysconfdir@/libvirt/qemu.conf where qemu-user can be overridden
+
+ at QEMU_USER@	soft	nproc	10000
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 45a8fe0..02be928 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -705,6 +705,12 @@ mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version}/html \
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.qemu
 %endif
+
+%if %{with_libvirtd} && %{with_qemu}
+install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/security/limits.d/
+cp daemon/libvirtd.limits \
+   $RPM_BUILD_ROOT%{_sysconfdir}/security/limits.d/libvirtd.conf
+%endif
 %if ! %{with_lxc}
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/lxc.conf
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.lxc
@@ -869,6 +875,7 @@ fi
 %if %{with_qemu}
 %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
+%config(noreplace) %{_sysconfdir}/security/limits.d/libvirtd.conf
 %endif
 %if %{with_lxc}
 %config(noreplace) %{_sysconfdir}/libvirt/lxc.conf
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 8c6b996..52c6ac7 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -139,7 +139,9 @@
 # security_driver = "selinux"
 
 
-# The user ID for QEMU processes run by the system instance.
+# The user ID for QEMU processes run by the system instance. If you
+# change this setting, /etc/security/limits.d/libvirtd.conf (if
+# installed) needs to be changed to match this user ID.
 #user = "root"
 
 # The group ID for QEMU processes run by the system instance.
-- 
1.7.4.1