main: introduce a define HIGH_RLIMIT_MEMLOCK similar to HIGH_RLIMIT_NOFILE

(cherry picked from commit c8884aceefc85245b9bdfb626e2daf27521259bd)
Related: #1789930

diff --git a/src/basic/def.h b/src/basic/def.h
index 4d515c11b6ac12066c1b81c523b817c0d1e7a043..65ad6599992e5518c6a11c4b660134fe06b08a87 100644 (file)
--- a/src/basic/def.h
+++ b/src/basic/def.h
@@ -75,3 +75,6 @@
                 _CONF_PATHS_SPLIT_USR(n))
 
 #define LONG_LINE_MAX (1U*1024U*1024U)
+
+#define HIGH_RLIMIT_NOFILE (256*1024)
+#define HIGH_RLIMIT_MEMLOCK (1024ULL*1024ULL*64ULL)

diff --git a/src/core/main.c b/src/core/main.c
index b8c1e567ad1cb76ed88dfb98a86ba52314ef9934..d6550ea161479bc830d91096272b5090e90a410d 100644 (file)
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1168,7 +1168,7 @@ static int bump_rlimit_memlock(struct rlimit *saved_rlimit) {
          * should normally disable such checks. We need them to implement IPAccessAllow= and IPAccessDeny=, hence let's
          * bump the value high enough for the root user. */
 
-        r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(1024ULL*1024ULL*16ULL));
+        r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(HIGH_RLIMIT_MEMLOCK));
         if (r < 0)
                 return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m");