diff --git a/roles/containerd/handlers/main.yml b/roles/containerd/handlers/main.yml
index 4c5f7e3..fee82a4 100644
--- a/roles/containerd/handlers/main.yml
+++ b/roles/containerd/handlers/main.yml
@@ -12,6 +12,11 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: true
+    daemon_reexec: true
+
 - name: Restart containerd
   ansible.builtin.service:
     name: containerd
diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml
index 62ffbe2..95b38e6 100644
--- a/roles/containerd/tasks/main.yml
+++ b/roles/containerd/tasks/main.yml
@@ -44,6 +44,16 @@
   notify:
     - Restart containerd
 
+- name: Bump DefaultLimitMEMLOCK for system
+  ansible.builtin.lineinfile:
+    path: /etc/systemd/system.conf
+    regexp: '^DefaultLimitMEMLOCK='
+    line: 'DefaultLimitMEMLOCK=infinity'
+    state: present
+  notify:
+    - Reload systemd
+    - Restart containerd
+
 - name: Force any restarts if necessary
   ansible.builtin.meta: flush_handlers