StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POFreeBSD: jail can not set security.jail.sysvipc_allowed
primarykey
Id
11909993
data
AcceptedAnswerId
11957647
AnswerCount
5
ClosedDate
2013-05-08T17:36:51.190
CommentCount
4
CommunityOwnedDate
CreationDate
2012-08-10T22:18:53.457
FavoriteCount
6
LastActivityDate
2013-05-08T01:17:13.367
LastEditDate
2012-08-14T17:31:49.480
LastEditorUserId
604912
OwnerUserId
604912
ParentId
0
PostTypeId
1
Score
9
ViewCount
11252
LastEditorDisplayName
text
Body
There is a problem when I init a PostgreSQL database in a FreeBSD jail. I found an article about the problem. I tried its advice but I didn't have any luck and I don't know why. There is the link: <a href="http://www.freebsddiary.org/jail-multiple.php" rel="noreferrer">PostgreSQL in jail</a> . I also read the PostgreSQL documentation on <a href="http://www.postgresql.org/docs/9.1/static/kernel-resources.html" rel="noreferrer">kernel resources</a>: <blockquote> If running in FreeBSD jails by enabling <code>sysctl</code>'s <code>security.jail.sysvipc_allowed</code>, postmasters running in different jails should be run by different operating system users. This improves security because it prevents non-root users from interfering with shared memory or semaphores in different jails, and it allows the PostgreSQL IPC cleanup code to function properly. (In FreeBSD 6.0 and later the IPC cleanup code does not properly detect processes in other jails, preventing the running of postmasters on the same port in different jails.) </blockquote> What I've done: <ul> <li>I edited <code>/etc/rc.conf</code> (on the host machine) and added the line <code>jail_sysvipc_allow="YES"</code> </li> <li>In the jail machine's <code>/etc/sysctl.conf</code>, I add line <code>security.jail.sysvipc_allowed=1</code></li> </ul> I restarted the jail machine multiple times. I haven't restarted the host machine and don't want to. Hope someone can give me a solution or some advice. Thanks so much. This is the message when I restart the jail: <pre><code> /etc/rc.d/sysctl: WARNING: unable to set security.jail.sysvipc_allowed=1 </code></pre> Or when I run sysctl manually: (on jail) <pre><code> root@xxxxx:/home/xxxx# sysctl security.jail.sysvipc_allowed=1 security.jail.sysvipc_allowed: 0 sysctl: security.jail.sysvipc_allowed: Operation not permitted </code></pre> <hr> Freebsd version: FreeBSD xxxxxxx 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE postgreSQL version: postgresql-server-9.1.4 Error Message: <pre><code> root@xxxxxx:/home/xxx # /usr/local/etc/rc.d/postgresql initdb The files belonging to this database system will be owned by user "pgsql". This user must also own the server process. The database cluster will be initialized with locale C. The default text search configuration will be set to "english". creating directory /usr/local/pgsql/data ... ok creating subdirectories ... ok selecting default max_connections ... 10 selecting default shared_buffers ... 400kB creating configuration files ... ok creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL: could not create shared memory segment: Function not implemented DETAIL: Failed system call was shmget(key=1, size=2146304, 03600). child process exited with exit code 1 initdb: removing data directory "/usr/local/pgsql/data" </code></pre> <hr> Update: in host machine, /etc/sysctl.conf: security.jail.sysvipc_allowed=1 /etc/rc.conf : jail_sysvipc_allow="YES" In Jail server, there is no extra jail_sysvipc configuration. sysctl value in host machine: <pre><code> root@xxxxx:/home/xxxx# sysctl -a | grep 'sysvipc' security.jail.param.allow.sysvipc: 0 security.jail.sysvipc_allowed: 1 </code></pre> I still get the same error message as I got before. In additional, I am wondering if there is anything with security.jail.param.allow.sysvipc? Because, in host machine, I was not allowed to set it. (security.jail.param.allow.sysvipc 0-> 0)
Tags
<postgresql><freebsd><jail>
Title
FreeBSD: jail can not set security.jail.sysvipc_allowed
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USkaiserhl
UserOwnerUserId
1. USkaiserhl
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POFreeBSD: jail can not set security.jail.sysvipc_allowed
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POFreeBSD: jail can not set security.jail.sysvipc_allowed
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POFreeBSD: jail can not set security.jail.sysvipc_allowed
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.