remove rlimit mlock setting

bpf(BPF_OBJ_GET, {pathname="/sys/fs/bpf/suricata-red0-flow_table_v4", bpf_fd=0, file_flags=0, path_fd=0}, 20) = -1 ENOENT (No such file or directory) prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=RLIM64_INFINITY, rlim_max=RLIM64_INFINITY}, NULL) = -1 EPERM (Operation not permitted) sendto(3, "<171>Oct 15 16:54:13 suricata: [ERRCODE: SC_ERR_MEM_ALLOC(1)] - Unable to lock memory: Operation not permitted (1)", 114, MSG_NOSIGNAL, NULL, 0) = 114 sendto(3, "<172>Oct 15 16:54:13 suricata: [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Error when loading XDP filter file", 104, MSG_NOSIGNAL, NULL, 0) = 104 Signed-off-by: Vincent Li <[email protected]>
vincentmli · Oct 17, 2024 · 9bd90d0 · 9bd90d0
1 parent a5b0388
commit 9bd90d0
Showing 1 changed file with 0 additions and 9 deletions.
diff --git a/src/util-ebpf.c b/src/util-ebpf.c
@@ -398,15 +398,6 @@ int EBPFLoadMultiXDPFile(AFPIfaceConfig *aconf, const char *path, uint32_t prio,
         return -1;
     }
 
-    /* Sending the eBPF code to the kernel requires a large amount of
-     * locked memory so we set it to unlimited to avoid a ENOPERM error */
-    struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
-    if (setrlimit(RLIMIT_MEMLOCK, &r) != 0) {
-        SCLogError(SC_ERR_MEM_ALLOC, "Unable to lock memory: %s (%d)",
-                   strerror(errno), errno);
-        return -1;
-    }
-
     xdp_opts.open_filename = path;
     p = xdp_program__create(&xdp_opts);
     err = libxdp_get_error(p);