Jul 092013

I recently upgraded a jail server from FreeBSD 8.2 to FreeBSD 8.4. This stopped various jails from starting their own instances of PostgreSQL. The messages in the logs were:

Jul  9 14:48:48 building postgres[40785]: [2-1] FATAL:  could not create shared memory segment: Function not implemented
Jul  9 14:48:48 building postgres[40785]: [2-2] DETAIL:  Failed system call was shmget(key=5432001, size=12099584, 03600).

In my jails, I was seeing:

$ sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 0

Looking at my previous writings on this topic, I found the same error message [note, that article doesn’t deal with ezjail, but helps with basic jail knowledge] but in that case, the issue was not having set jail_sysvipc_allow set in /etc/rc.conf. It seems that this is no longer sufficient. The parameters must be passed to the jail. Since I am using ezjail, I can do this by altering the configuration file for the jails in question. These files are located in the /usr/local/etc/ezjail directory.

I added these entries to the file:

# To allow PostgreSQL to run in the jail.
# It is no longer sufficient to just set security.jail.sysvipc_allowed in
# the host system.
export jail_**MY_JAIL_NAME**_parameters="allow.raw_sockets=1 allow.sysvipc=1"

where “**MY_JAIL_NAME**” is the value you can find elsewhere in that file. What’s the name of the file? That’s related to your jail name. In my case, the jail name was pg92.example.org.

NOTE: I find now that I needed only allow.sysvipc=1. allow.raw_sockets=1 is for something else, and not required to get PostgreSQL running in the jail.

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive