From ee19c8073345877c6cb9e6fa760660b82b71558d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 8 Nov 2019 12:03:23 +0100
Subject: [PATCH] test-bpf-firewall: do not mlock() a large amount of memory

64MB is not that much, but let's not be greedy, esp. because we may run
many things in parallel.

Also, rlim_cur should never be higher than rlim_max, so let's simplify our
code.
---
 src/test/test-bpf-firewall.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/test/test-bpf-firewall.c b/src/test/test-bpf-firewall.c
index 3155cd2..9fd1b42 100644
--- a/src/test/test-bpf-firewall.c
+++ b/src/test/test-bpf-firewall.c
@@ -16,8 +16,8 @@
 #include "unit.h"
 #include "virt.h"
 
-/* We use the same limit here that PID 1 bumps RLIMIT_MEMLOCK to if it can */
-#define CAN_MEMLOCK_SIZE (64U*1024U*1024U)
+/* We use the small but non-trivial limit here */
+#define CAN_MEMLOCK_SIZE (512 * 1024U)
 
 static bool can_memlock(void) {
         void *p;
@@ -64,7 +64,7 @@ int main(int argc, char *argv[]) {
                 return log_tests_skipped("test-bpf-firewall fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
 
         assert_se(getrlimit(RLIMIT_MEMLOCK, &rl) >= 0);
-        rl.rlim_cur = rl.rlim_max = MAX3(rl.rlim_cur, rl.rlim_max, CAN_MEMLOCK_SIZE);
+        rl.rlim_cur = rl.rlim_max = MAX(rl.rlim_max, CAN_MEMLOCK_SIZE);
         (void) setrlimit(RLIMIT_MEMLOCK, &rl);
 
         if (!can_memlock())
-- 
2.7.4