There is a problem when I init a PostgreSQL database in a FreeBSD jail.
I found an article about the problem. I tried its advice but I didn't have any luck and I don't know why. There is the link: PostgreSQL in jail .
I also read the PostgreSQL documentation on kernel resources:
If running in FreeBSD jails by enabling
sysctl
'ssecurity.jail.sysvipc_allowed
, postmasters running in different jails should be run by different operating system users. This improves security because it prevents non-root users from interfering with shared memory or semaphores in different jails, and it allows the PostgreSQL IPC cleanup code to function properly. (In FreeBSD 6.0 and later the IPC cleanup code does not properly detect processes in other jails, preventing the running of postmasters on the same port in different jails.)
What I've done:
- I edited
/etc/rc.conf
(on the host machine) and added the linejail_sysvipc_allow="YES"
- In the jail machine's
/etc/sysctl.conf
, I add linesecurity.jail.sysvipc_allowed=1
I restarted the jail machine multiple times. I haven't restarted the host machine and don't want to.
Hope someone can give me a solution or some advice. Thanks so much.
This is the message when I restart the jail:
/etc/rc.d/sysctl: WARNING: unable to set security.jail.sysvipc_allowed=1
Or when I run sysctl manually: (on jail)
root@xxxxx:/home/xxxx# sysctl security.jail.sysvipc_allowed=1
security.jail.sysvipc_allowed: 0
sysctl: security.jail.sysvipc_allowed: Operation not permitted
Freebsd version: FreeBSD xxxxxxx 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE
postgreSQL version: postgresql-server-9.1.4
Error Message:
root@xxxxxx:/home/xxx # /usr/local/etc/rc.d/postgresql initdb
The files belonging to this database system will be owned by user "pgsql".
This user must also own the server process.
The database cluster will be initialized with locale C.
The default text search configuration will be set to "english".
creating directory /usr/local/pgsql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 10
selecting default shared_buffers ... 400kB
creating configuration files ... ok
creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL: could not create
shared memory segment: Function not implemented
DETAIL: Failed system call was shmget(key=1, size=2146304, 03600).
child process exited with exit code 1
initdb: removing data directory "/usr/local/pgsql/data"
Update:
in host machine, /etc/sysctl.conf: security.jail.sysvipc_allowed=1 /etc/rc.conf : jail_sysvipc_allow="YES"
In Jail server, there is no extra jail_sysvipc configuration.
sysctl value in host machine:
root@xxxxx:/home/xxxx# sysctl -a | grep 'sysvipc'
security.jail.param.allow.sysvipc: 0
security.jail.sysvipc_allowed: 1
I still get the same error message as I got before.
In additional, I am wondering if there is anything with security.jail.param.allow.sysvipc? Because, in host machine, I was not allowed to set it. (security.jail.param.allow.sysvipc 0-> 0)