Re: Postgres in jails
On Fri, Jun 29, 2012 at 2:47 AM, Steven Chamberlain <steven@pyro.eu.org> wrote:
> Hi!
>
> Sounds like a fun thing to do, so I also tried installing postgres9.1 in
> a Wheezy jail on GNU/kFreeBSD. I got the same error at first.
>
> Running sysctl *inside* the jail I could see this:
>> security.jail.sysvipc_allowed: 0
That seems to be set correctly here (running inside the jail):
# sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 1
But there seems to be another setting that might be relevant:
# sysctl -a | grep sysvipc
security.jail.param.allow.sysvipc: 0
security.jail.sysvipc_allowed: 1
> So I tried this on the host system:
>> jail -m name=jail1001 allow.sysvipc=1
> (name=jail1001 is something I defined when I created that jail)
For some reason it doesn't seem to like me specifying the jail by name
so I used the jail ID instead. However, that doesn't really change
anything:
# jail -m jid=11 allow.sysvipc=1
# jexec 11 /bin/bash
root@db-postgres# sysctl -a | grep sysvipc
security.jail.param.allow.sysvipc: 0
security.jail.sysvipc_allowed: 1
> Maybe you were running sysctl on the host system here (where sysvipc was
> allowed) instead of inside the jail (where security.jail has a separate
> namespace, and you'd probably have seen it was disallowed) :
>> # sysctl security.jail.sysvipc_allowed
>> security.jail.sysvipc_allowed: 1
I don't think I did but even if, this time I certainly didn't :)
cheers
--
Stefan Ott
http://www.ott.net/
"You are not Grey Squirrel?"
Reply to: