
Re: Postgres in jails



Hi,

I don't see any differences in our setup except for my host system being
GNU/kFreeBSD and not upstream FreeBSD.  I also don't have a jexec so I'm
entering the jail by either:

1. jail -m jid=4 command=/bin/bash
2. starting sshd in the jail and then logging into it that way

Maybe the rlimits are in some way different:

> root@jail1001:~# ulimit -a
> socket buffer size       (bytes, -b) unlimited
> core file size          (blocks, -c) 0
> data seg size           (kbytes, -d) 524288
> file size               (blocks, -f) unlimited
> max locked memory       (kbytes, -l) unlimited
> max memory size         (kbytes, -m) unlimited
> open files                      (-n) 1024
> pipe size            (512 bytes, -p) 1
> stack size              (kbytes, -s) 8192
> cpu time               (seconds, -t) unlimited
> max user processes              (-u) 5547
> virtual memory          (kbytes, -v) unlimited

Here are my default shared memory limits:

> root@kfreebsd-i386:~# sysctl -a | grep shm
> kern.ipc.shm_allow_removed: 0
> kern.ipc.shm_use_phys: 0
> kern.ipc.shmall: 4096
> kern.ipc.shmseg: 256
> kern.ipc.shmmni: 192
> kern.ipc.shmmin: 1
> kern.ipc.shmmax: 16777216
> kern.features.sysv_shm: 1
> kern.features.posix_shm: 1


The security.jail.param.allow.sysvipc setting doesn't seem relevant.
Here's a full transcript, but everything seems the same as you've shown me:

> root@jail1001:~# sysctl -a | grep sysv
> kern.features.sysv_msg: 1
> kern.features.sysv_sem: 1
> kern.features.sysv_shm: 1
> security.jail.param.allow.sysvipc: 0
> security.jail.sysvipc_allowed: 0
> root@jail1001:~# pg_createcluster 9.1 main --start
> Creating new cluster (configuration: /etc/postgresql/9.1/main, data: /var/lib/postgresql/9.1/main)...
> could not change directory to "/root"
> FATAL:  could not create shared memory segment: Function not implemented
> DETAIL:  Failed system call was shmget(key=1, size=1900544, 03600).
> child process exited with exit code 1
> initdb: removing contents of data directory "/var/lib/postgresql/9.1/main"
> Error: initdb failed

Then after "jail -m jid=4 allow.sysvipc=1" on the host:

> root@jail1001:~# sysctl -a | grep sysvipc
> security.jail.param.allow.sysvipc: 0
> security.jail.sysvipc_allowed: 1
> root@jail1001:~# pg_createcluster 9.1 main --start
> Creating new cluster (configuration: /etc/postgresql/9.1/main, data: /var/lib/postgresql/9.1/main)...
> could not change directory to "/root"
> Moving configuration file /var/lib/postgresql/9.1/main/postgresql.conf to /etc/postgresql/9.1/main...
> Moving configuration file /var/lib/postgresql/9.1/main/pg_hba.conf to /etc/postgresql/9.1/main...
> Moving configuration file /var/lib/postgresql/9.1/main/pg_ident.conf to /etc/postgresql/9.1/main...
> Configuring postgresql.conf to use port 5432...

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org
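
The two transcripts above differ only in `security.jail.sysvipc_allowed`, while the `shmget` request (1900544 bytes) is well under `kern.ipc.shmmax`. The following is an added example, not part of the original message: a small shell check that reads `sysctl -a` text and reports which of those two conditions would stop a SysV shared memory request. The function name `diagnose_shm` and its result strings are assumptions made for illustration; the sample inputs are constructed from the values quoted in the message.

```shell
#!/bin/sh
# Added example: classify why a SysV shmget() of a given size would fail,
# from `sysctl -a` text on stdin.  Usage: sysctl -a | diagnose_shm 1900544
diagnose_shm() {
    want=$1
    awk -v want="$want" '
        # Effective per-jail permission (goes 0 -> 1 between the transcripts).
        $1 == "security.jail.sysvipc_allowed:" { allowed = $2; seen_allowed = 1 }
        # Largest single segment the kernel will create, in bytes.
        $1 == "kern.ipc.shmmax:"               { shmmax = $2; seen_max = 1 }
        # security.jail.param.allow.sysvipc is deliberately ignored: it reads
        # 0 in both transcripts, before and after the change.
        END {
            if (seen_allowed && allowed == 0)      { print "blocked-by-jail"; exit }
            if (seen_max && want + 0 > shmmax + 0) { print "exceeds-shmmax";  exit }
            if (!seen_allowed)                     { print "unknown";         exit }
            print "ok"
        }'
}

# Constructed sample input, using the values shown in the message.
SAMPLE_BEFORE='kern.ipc.shmmax: 16777216
security.jail.param.allow.sysvipc: 0
security.jail.sysvipc_allowed: 0'

SAMPLE_AFTER='kern.ipc.shmmax: 16777216
security.jail.param.allow.sysvipc: 0
security.jail.sysvipc_allowed: 1'

# Demo: the size is the one from the failed shmget() in the transcript.
printf '%s\n' "$SAMPLE_BEFORE" | diagnose_shm 1900544
printf '%s\n' "$SAMPLE_AFTER"  | diagnose_shm 1900544
```

Per jail(8) on systems of this vintage, `allow.sysvipc` exposes a single System V IPC namespace shared with the host and other jails, so it is a setting to enable only for jails trusted to that degree.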

