cannot bind memory to host NUMA nodes: Operation not permitted

[mikk150]

docker logs

+ exec qemu-system-x86_64 -enable-kvm -smp 2 -m 4096 -drive file=/tmp/hda.qcow2,index=0,media=disk,discard=unmap,detect-zeroes=unmap,if=none,id=hda -device virtio-scsi-pci -device scsi-hd,drive=hda -cdrom /tmp/virtio-win.iso -netdev user,hostname=66abbd34151f,hostfwd=tcp::22-:22,hostfwd=udp::22-:22,hostfwd=tcp::5555-:5555,hostfwd=udp::5555-:5555,hostfwd=tcp::4444-:4444,hostfwd=udp::4444-:4444,id=net -device virtio-net-pci,netdev=net -vnc :0 -serial stdio -bios /tmp/OVMF.fd -usbdevice tablet -smp 2
qemu-system-x86_64: -usbdevice tablet: '-usbdevice' is deprecated, please use '-device usb-...' instead
qemu-system-x86_64: cannot bind memory to host NUMA nodes: Operation not permitted

[mikk150]

I think I figured it out, needed to add sys_nice capability

[tianon]

Nice! It's also possible you need some additional bits in your seccomp profile for things like NUMA but if adding SYS_NICE is enough that's certainly easier! 👍

[tianon]

As discovered/discussed over in #7, this is something upstream has merged a fix for (AFAIK, targeting the next stable release of 5.x; https://github.com/ehabkost/qemu/commit/08ec0d4e2bf3e73229ce7a4e537a57794848d319), so I'm reopening this to track backporting that patch. :tada: :+1: