0

We have our custom php-buildpack running in cloudfoundry container. Issue is that apache start -> php-fpm (here shared memory code run fine). php-fpm exec() php scripts which start -> php-cli (it core dump on shared memory code).

For shared memory we use boost-1.56.0 Example :- 

<?php
 exec("php  anotherscript.php");
 ?>

anotherscript.php

<?php
  custom extention call i.e c/c++ code 
?>

========== sample.cpp (create shared memoory using boost)

permissions perms;
perms.set_unrestricted();
managed_shared_memory segment(create_only, SharedDataShmSegmentName, segmentSize, 0, perms);
interprocess_sharable_mutex *mutex= segment.construct<interprocess_sharable_mutex>(SharedDataShmMutexName)();

It gives core dump as - Signal 11 (segmentation fault)(core dumped)

We are suspecting child exec() will have less privileges than master process or child exec() will not have shared memory permission like CAP_IPC_LOCK capabilities.

Is there issue with Cloudfoundry container child process created by exec() with shared memory (boost - 1.56.0) ?

Mr.Pramod Anarase
  • 1,454
  • 2
  • 15
  • 19

1 Answers1

1

Your Cloud Foundry administrator needs to enable privileged containers otherwise CF drops CAP_IPC_LOCK capability. See https://docs.cloudfoundry.org/concepts/container-security.html

Also shared memory is a "special" memory. For example Docker allows only 64MB of shared memory by default. Of course, it can be increased by special parameter --shm-size="" - see https://docs.docker.com/engine/reference/run/

But CF doesn't use Docker, but Garden-runC which may need special parameter for shared memory size.

Jan Garaj
  • 25,598
  • 3
  • 38
  • 59