thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-25 00:52:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed error when program cannot start within container due to capabilities.

Browse Source
This commit is contained in:
Alexey Milovidov 2019-01-23 22:45:31 +03:00
parent 5394ef08af
commit ae2e64f753
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
debian/clickhouse-server.postinst vendored
View File

@ -100,8 +100,10 @@ Please fix this and reinstall this package." >&2
# but the executable file inside the container has capabilities,
# then attempt to run this file will end up with a cryptic "Operation not permitted" message.
TMPFILE=/tmp/test_setcap.sh
command -v setcap >/dev/null \
&& touch /tmp/test.sh && chmod a+x /tmp/test.sh && /tmp/test.sh && setcap "cap_net_admin,cap_ipc_lock+ep" /tmp/test.sh && /tmp/test.sh && rm /tmp/test.sh \
&& echo > $TMPFILE && chmod a+x $TMPFILE && $TMPFILE && setcap "cap_net_admin,cap_ipc_lock+ep" $TMPFILE && $TMPFILE && rm $TMPFILE \
&& setcap "cap_net_admin,cap_ipc_lock+ep" "${CLICKHOUSE_BINDIR}/${CLICKHOUSE_GENERIC_PROGRAM}" \
|| echo "Cannot set 'net_admin' or 'ipc_lock' capability for clickhouse binary. This is optional. Taskstats accounting will be disabled. To enable taskstats accounting you may add the required capability later manually."