From owner-freebsd-jail@freebsd.org Fri Oct 11 12:24:16 2019 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4EB7D14C2EF for ; Fri, 11 Oct 2019 12:24:16 +0000 (UTC) (envelope-from lan@zato.ru) Received: from mail.zato.ru (mail.zato.ru [178.255.248.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.zato.ru", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46qRvy4W3Wz4T27 for ; Fri, 11 Oct 2019 12:24:14 +0000 (UTC) (envelope-from lan@zato.ru) Received: from startsnto.ru ([81.200.243.105] helo=[192.168.175.30]) by mail.zato.ru with esmtpsa (TLSv1.2:AES128-SHA:128) (Exim 4.84 (FreeBSD)) (envelope-from ) id 1iItxr-00037E-1g for freebsd-jail@freebsd.org; Fri, 11 Oct 2019 15:24:12 +0300 To: freebsd-jail@freebsd.org From: "Alexander N. Lunev" Message-ID: <2a606e15-20bb-0976-213e-b83294a6f504@zato.ru> Date: Fri, 11 Oct 2019 15:24:04 +0300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: ru Content-Transfer-Encoding: 7bit X-SA-Exim-Connect-IP: 81.200.243.105 X-SA-Exim-Mail-From: lan@zato.ru X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.zato.local X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 Subject: databases/mongodb36 in jail - Failed to mlock: Operation not permitted X-SA-Exim-Version: 4.2 X-SA-Exim-Scanned: Yes (on mail.zato.ru) X-Rspamd-Queue-Id: 46qRvy4W3Wz4T27 X-Spamd-Bar: ------ X-Spamd-Result: default: False [-6.73 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[zato.ru:s=mailserverdkimkey]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:178.255.248.12]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-3.73)[ip: (-9.81), ipnet: 178.255.248.0/24(-4.91), asn: 56868(-3.93), country: RU(0.01)]; DKIM_TRACE(0.00)[zato.ru:+]; DMARC_POLICY_ALLOW(-0.50)[zato.ru,reject]; RECEIVED_SPAMHAUS_PBL(0.00)[105.243.200.81.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:56868, ipnet:178.255.248.0/24, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Oct 2019 12:24:16 -0000 Hello everybody. I want to run MongoDB 3.6 in a jail, and stuck in a bug with mlock. # uname -a FreeBSD foo.zato.local 12.1-PRERELEASE FreeBSD 12.1-PRERELEASE r352266 GENERIC amd64 # pkg install mongodb36 ... # sysrc mongod_enable="YES" # service mongod start Then connect to mongo from shell and try to add user like they say in tutorial https://docs.mongodb.com/v3.6/tutorial/enable-authentication/ : # mongo MongoDB shell version v3.6.13 connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb Implicit session: session { "id" : UUID("1e9f8ba6-4882-4453-a6ac-89c51edb3269") } MongoDB server version: 3.6.13 Welcome to the MongoDB shell. ... skip warnings ... > use admin switched to db admin > db.createUser( ... { ... user: "newAdmin", ... pwd: "abc123", ... roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ] ... } ... ) Successfully added user: { "user" : "newAdmin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, "readWriteAnyDatabase" ] } > bye Then try to login using newly created user: # mongo -u newAdmin -p abc123 MongoDB shell version v3.6.13 connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb 2019-10-11T15:17:37.223+0300 F - [thread1] Failed to mlock: Operation not permitted 2019-10-11T15:17:37.224+0300 F - [thread1] Fatal Assertion 28832 at src/mongo/base/secure_allocator.cpp 249 2019-10-11T15:17:37.226+0300 F - [thread1] ***aborting after fassert() failure 2019-10-11T15:17:37.229+0300 F - [thread1] Got signal: 6 (Abort trap). 0x28a40b9 0x28a397b 0x802fda3c0 ----- BEGIN BACKTRACE ----- {"backtrace":[{"b":"1021000","o":"18830B9","s":"_ZN5mongo15printStackTraceERNSt3__113basic_ostreamIcNS0_11char_traitsIcEEEE"},{"b":"1021000","o":"188297B","s":"_ZN5mongo29reportOutOfMemoryErrorAndExitEv"},{"b":"802FC6000","o":"143C0","s":"_pthread_sigmask"}],"processInfo":{ "mongodbVersion" : "3.6.13", "gitVersion" : "db3c76679b7a3d9b443a0e1b3e45ed02b88c539f", "compiledModules" : [], "uname" : { "sysname" : "FreeBSD", "release" : "12.1-PRERELEASE", "version" : "FreeBSD 12.1-PRERELEASE r352266 GENERIC", "machine" : "amd64" } }} mongo(_ZN5mongo15printStackTraceERNSt3__113basic_ostreamIcNS0_11char_traitsIcEEEE+0x39) [0x28a40b9] mongo(_ZN5mongo29reportOutOfMemoryErrorAndExitEv+0x15B) [0x28a397b] libthr.so.3(_pthread_sigmask+0x530) [0x802fda3c0] ----- END BACKTRACE ----- This will work if not in jail. mongod is running with --setParameter=disabledSecureAllocatorDomains=*: /usr/local/bin/mongod --logpath /var/db/mongodb/mongod.log --logappend --setParameter=disabledSecureAllocatorDomains=* --config /usr/local/etc/mongodb.conf --dbpath /var/db/mongodb --fork Is it a bug, or I need to tinker with jail parameters somehow? -- Best regards, Alexander Lunev