Increasing pinned page limit for unprivileged pods

Cluster information:

Kubernetes version: v1.24.1+k3s1
Cloud being used: bare-metal
Installation method:
Host OS: Ubuntu 22.04
CNI and version:
CRI and version: containerd://1.6.6-k3s1

I am getting ENOMEM from some ioctl’s in my program which is running in an unprivileged pod. My observation is when ‘VmPin’ in /proc//status reaches 64K the ioctl’s fail and when I set the ‘securityContext.privileged’ as true then I don’t get ENOMEM even when the pinned page count reaches 1024K. I tried increasing ‘resources.request.memory’ and ‘resource.limits.memory’ without any change in behavior. Is there a way to increase pinned page limit in manifest file ?


I am able to break the 64K barrier by adding IPC_LOCK in “securityContext.capabilities”. Marking this as solved.