
Re: Postgres in jails



On Fri, Jun 29, 2012 at 2:47 AM, Steven Chamberlain <steven@pyro.eu.org> wrote:
> Hi!
>
> Sounds like a fun thing to do, so I also tried installing postgres9.1 in
> a Wheezy jail on GNU/kFreeBSD.  I got the same error at first.
>
> Running sysctl *inside* the jail I could see this:
>> security.jail.sysvipc_allowed: 0

That seems to be set correctly here (running inside the jail):

# sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 1

But there seems to be another setting that might be relevant:

# sysctl -a | grep sysvipc
security.jail.param.allow.sysvipc: 0
security.jail.sysvipc_allowed: 1

> So I tried this on the host system:
>> jail -m name=jail1001 allow.sysvipc=1
> (name=jail1001 is something I defined when I created that jail)

For some reason it doesn't seem to like me specifying the jail by name
so I used the jail ID instead. However, that doesn't really change
anything:

# jail -m jid=11 allow.sysvipc=1
# jexec 11 /bin/bash
root@db-postgres# sysctl -a | grep sysvipc
security.jail.param.allow.sysvipc: 0
security.jail.sysvipc_allowed: 1

> Maybe you were running sysctl on the host system here (where sysvipc was
> allowed) instead of inside the jail (where security.jail has a separate
> namespace, and you'd probably have seen it was disallowed) :
>> # sysctl security.jail.sysvipc_allowed
>> security.jail.sysvipc_allowed: 1

I don't think I did, but even if I did, this time I certainly didn't :)

cheers
-- 
Stefan Ott
http://www.ott.net/

"You are not Grey Squirrel?"

