diff -Nru corosync-3.0.3/debian/changelog corosync-3.0.3/debian/changelog
--- corosync-3.0.3/debian/changelog	2020-03-29 21:50:35.000000000 +0000
+++ corosync-3.0.3/debian/changelog	2021-03-10 18:00:12.000000000 +0000
@@ -1,3 +1,13 @@
+corosync (3.0.3-2ubuntu2.1) focal; urgency=medium
+
+  * d/p/lp1911904-Don-t-lock-all-current-and-future-memory-if-can-t-in.patch:
+    - Don't mlockall() if setrlimit() fails (LP: #1911904)
+  * d/p/lp1918735-try-unprivileged-knet-handle-new.patch:
+    - Retry knet_handle_new without privileged flag (LP: #1918735)
+  * d/t: don't skip tests now that we fixed crashing in container
+
+ -- Dan Streetman <ddstreet@canonical.com>  Wed, 10 Mar 2021 13:00:12 -0500
+
 corosync (3.0.3-2ubuntu2) focal; urgency=medium
 
   [Jorge Niedbalski]
diff -Nru corosync-3.0.3/debian/patches/lp1911904-Don-t-lock-all-current-and-future-memory-if-can-t-in.patch corosync-3.0.3/debian/patches/lp1911904-Don-t-lock-all-current-and-future-memory-if-can-t-in.patch
--- corosync-3.0.3/debian/patches/lp1911904-Don-t-lock-all-current-and-future-memory-if-can-t-in.patch	1970-01-01 00:00:00.000000000 +0000
+++ corosync-3.0.3/debian/patches/lp1911904-Don-t-lock-all-current-and-future-memory-if-can-t-in.patch	2021-03-10 18:00:12.000000000 +0000
@@ -0,0 +1,35 @@
+From 77e95bd2d4f569bd158790f34e2200ab0f2eea27 Mon Sep 17 00:00:00 2001
+From: Dan Streetman <ddstreet@canonical.com>
+Date: Wed, 10 Mar 2021 12:48:01 -0500
+Subject: [PATCH] Don't lock all current and future memory if can't increase
+ memlock rlimit
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/corosync/+bug/1911904
+Origin: upstream, https://github.com/corosync/corosync/pull/620
+
+If we fail to increase our RLIMIT_MEMLOCK, then locking all our current
+and future memory is extremely dangerous; once our memory use reaches
+our RLIMIT_MEMLOCK, memory allocations will start failing, very likely
+leading to our entire process crashing.
+
+This can happen if we aren't a privileged process, for example if
+running as non-root user, or inside an unprivileged container.
+---
+ exec/main.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/exec/main.c
++++ b/exec/main.c
+@@ -473,7 +473,12 @@ static void corosync_mlockall (void)
+ #define RLIMIT_MEMLOCK RLIMIT_VMEM
+ #endif
+ 
+-	setrlimit (RLIMIT_MEMLOCK, &rlimit);
++	res = setrlimit (RLIMIT_MEMLOCK, &rlimit);
++	if (res == -1) {
++		LOGSYS_PERROR (errno, LOGSYS_LEVEL_WARNING,
++			"Could not increase RLIMIT_MEMLOCK, not locking memory");
++		return;
++	}
+ 
+ 	res = mlockall (MCL_CURRENT | MCL_FUTURE);
+ 	if (res == -1) {
diff -Nru corosync-3.0.3/debian/patches/lp1918735-try-unprivileged-knet-handle-new.patch corosync-3.0.3/debian/patches/lp1918735-try-unprivileged-knet-handle-new.patch
--- corosync-3.0.3/debian/patches/lp1918735-try-unprivileged-knet-handle-new.patch	1970-01-01 00:00:00.000000000 +0000
+++ corosync-3.0.3/debian/patches/lp1918735-try-unprivileged-knet-handle-new.patch	2021-03-10 18:00:12.000000000 +0000
@@ -0,0 +1,45 @@
+From 7c3ece564913fa607ab65abc23bec1b0048f41fe Mon Sep 17 00:00:00 2001
+From: Dan Streetman <ddstreet@canonical.com>
+Date: Fri, 12 Mar 2021 07:31:47 -0500
+Subject: [PATCH] totemknet: retry knet_handle_new without privileged
+ operations if it fails
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/corosync/+bug/1918735
+Origin: upstream, https://github.com/corosync/corosync/pull/623
+
+knet_handle_new can fail with ENAMETOOLONG if its privileged operations
+fail, which can happen if we're running as a user process or in an
+unprivileged container. Instead of failing to start, let's retry
+without the privileged operations, which may result in a reduction in
+performance, but at least it doesn't completely prevent us from starting.
+
+Signed-off-by: Dan Streetman <ddstreet@canonical.com>
+---
+ exec/totemknet.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+--- a/exec/totemknet.c
++++ b/exec/totemknet.c
+@@ -974,12 +974,20 @@ int totemknet_initialize (
+ 	}
+ 
+ 
+-#if !defined(KNET_API_VER) || (KNET_API_VER == 1)
++#if defined(KNET_API_VER) && (KNET_API_VER == 2)
++	instance->knet_handle = knet_handle_new(instance->totem_config->node_id, instance->logpipes[1], KNET_LOG_DEBUG, KNET_HANDLE_FLAG_PRIVILEGED);
++#else
+ 	instance->knet_handle = knet_handle_new(instance->totem_config->node_id, instance->logpipes[1], KNET_LOG_DEBUG);
+ #endif
+-#if KNET_API_VER == 2
+-	instance->knet_handle = knet_handle_new(instance->totem_config->node_id, instance->logpipes[1], KNET_LOG_DEBUG, KNET_HANDLE_FLAG_PRIVILEGED);
++
++	if (!instance->knet_handle && errno == ENAMETOOLONG) {
++		KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_WARNING, "knet_handle_new failed, trying unprivileged");
++#if defined(KNET_API_VER) && (KNET_API_VER == 2)
++		instance->knet_handle = knet_handle_new(instance->totem_config->node_id, instance->logpipes[1], KNET_LOG_DEBUG, 0);
++#else
++		instance->knet_handle = knet_handle_new_ex(instance->totem_config->node_id, instance->logpipes[1], KNET_LOG_DEBUG, 0);
+ #endif
++	}
+ 
+ 	if (!instance->knet_handle) {
+ 		KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_CRIT, "knet_handle_new failed");
diff -Nru corosync-3.0.3/debian/patches/series corosync-3.0.3/debian/patches/series
--- corosync-3.0.3/debian/patches/series	2020-03-29 21:50:35.000000000 +0000
+++ corosync-3.0.3/debian/patches/series	2021-03-10 18:00:12.000000000 +0000
@@ -22,3 +22,5 @@
 ubuntu-v3.0.3-fixes/lp1869622-c631951e-icmap-icmap_init_r-leaks-if-trie_create-fails.patch
 ubuntu-v3.0.3-fixes/lp1869622-ca320bea-votequorum-set-wfa-status-only-on-startup.patch
 ubuntu-v3.0.3-fixes/lp1869622-efe48120-totemconfig-Free-leaks-found-by-coverity.patch
+lp1911904-Don-t-lock-all-current-and-future-memory-if-can-t-in.patch
+lp1918735-try-unprivileged-knet-handle-new.patch
diff -Nru corosync-3.0.3/debian/tests/cfgtool corosync-3.0.3/debian/tests/cfgtool
--- corosync-3.0.3/debian/tests/cfgtool	2020-03-04 21:39:26.000000000 +0000
+++ corosync-3.0.3/debian/tests/cfgtool	2021-03-10 18:00:12.000000000 +0000
@@ -2,12 +2,6 @@
 
 set -e
 
-ulimit -H -l unlimited 2>/dev/null || {
-    # https://bugs.launchpad.net/bugs/1828228
-    echo "test disabled for unprivileged namespaces"
-    exit 77
-}
-
 OUTPUT="${AUTOPKGTEST_ARTIFACTS:-.}/cfgtool.txt"
 
 corosync-cfgtool -s >"$OUTPUT"
diff -Nru corosync-3.0.3/debian/tests/control corosync-3.0.3/debian/tests/control
--- corosync-3.0.3/debian/tests/control	2020-03-04 21:39:26.000000000 +0000
+++ corosync-3.0.3/debian/tests/control	2021-03-10 18:00:12.000000000 +0000
@@ -1,3 +1,3 @@
 Depends: @
-Restrictions: needs-root, isolation-container, allow-stderr, skippable
+Restrictions: needs-root, isolation-container, allow-stderr
 Tests: cfgtool quorumtool
diff -Nru corosync-3.0.3/debian/tests/quorumtool corosync-3.0.3/debian/tests/quorumtool
--- corosync-3.0.3/debian/tests/quorumtool	2020-03-04 21:39:26.000000000 +0000
+++ corosync-3.0.3/debian/tests/quorumtool	2021-03-10 18:00:12.000000000 +0000
@@ -2,12 +2,6 @@
 
 set -e
 
-ulimit -H -l unlimited 2>/dev/null || {
-    # https://bugs.launchpad.net/bugs/1828228
-    echo "test disabled for unprivileged namespaces"
-    exit 77
-}
-
 OUTPUT="${AUTOPKGTEST_ARTIFACTS:-.}/quorumtool.txt"
 
 corosync-quorumtool >"$OUTPUT"