I have a docker image that runs fine on Debian jessie (with kernel 3.16), and when I moved that image to an Ubuntu host (kernel 3.13), postgresql failed to come up. I've narrowed it down to a difference in behaviour when accessing a certain file, and my only explanation for it is the difference in host kernel. I'd like to know if anyone has confirmed this to be the problem, or has ideas on a possible different root cause for it.

The following sequence of commands shows the problem. First on the 'good' host:
root@lava-docker:/etc# ls -l /etc/ssl/private/ssl-cert-snakeoil.key
-rw-r----- 1 root ssl-cert 1708 Oct 20 19:31 /etc/ssl/private/ssl-cert-snakeoil.key
root@lava-docker:/etc# su - postgres
postgres@lava-docker:~$ ls -l /etc/ssl/private/ssl-cert-snakeoil.key
-rw-r----- 1 root ssl-cert 1708 Oct 20 19:31 /etc/ssl/private/ssl-cert-snakeoil.key
postgres@lava-docker:~$ ls -ld /etc/ssl/private
drwx--x--- 2 root ssl-cert 4096 Oct 20 19:31 /etc/ssl/private
postgres@lava-docker:~$ id
uid=110(postgres) gid=115(postgres) groups=115(postgres),114(ssl-cert)
Now the same sequence on the 'bad' host:
root@lava-docker:/# ls -l /etc/ssl/private/ssl-cert-snakeoil.key
-rw-r----- 1 root ssl-cert 1708 Oct 20 19:31 /etc/ssl/private/ssl-cert-snakeoil.key
root@lava-docker:/# su - postgres
postgres@lava-docker:~$ ls -l /etc/ssl/private/ssl-cert-snakeoil.key
ls: cannot access /etc/ssl/private/ssl-cert-snakeoil.key: Permission denied
postgres@lava-docker:~$ ls -ld /etc/ssl/private
drwx--x--- 2 root ssl-cert 4096 Oct 20 19:31 /etc/ssl/private
postgres@lava-docker:~$ id
uid=110(postgres) gid=115(postgres) groups=115(postgres),114(ssl-cert)
As can be seen, even though the file and directory permissions are identical, as is the user configuration (same docker image after all), on one host the postgres user can see it, but not on the other. This directory is not mounted with the volume option; it is under aufs control.
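
Added example, not part of the original post: a small Python model of the standard POSIX mode-bit check, fed with the ownership and modes from the listings above, showing what the classic permission rules predict for the `lstat()` that `ls -l` performs. The modes of `/`, `/etc` and `/etc/ssl` are not shown in the post and are assumed to be `0755 root:root`; the function names are illustrative.

```python
import stat

def perm_class(mode, owner_uid, owner_gid, uid, groups):
    """Return the rwx triplet (0-7) POSIX selects for this caller.

    Exactly one class applies: owner, else group, else other.
    Root's CAP_DAC_OVERRIDE bypass and ACLs are not modelled.
    """
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in groups:
        return (mode >> 3) & 7
    return mode & 7

def can_lstat(components, uid, groups):
    """lstat() on the last component needs search (x) on every directory
    above it; the target's own mode bits are not consulted.
    Returns (allowed, first_blocking_path)."""
    for path, mode, o_uid, o_gid in components[:-1]:
        if not stat.S_ISDIR(mode):
            return False, path
        if not perm_class(mode, o_uid, o_gid, uid, groups) & 1:
            return False, path
    return True, None

def can_read(components, uid, groups):
    """open(O_RDONLY) additionally needs r on the target itself."""
    ok, blocker = can_lstat(components, uid, groups)
    if not ok:
        return False, blocker
    path, mode, o_uid, o_gid = components[-1]
    if perm_class(mode, o_uid, o_gid, uid, groups) & 4:
        return True, None
    return False, path

ROOT, SSL_CERT = 0, 114          # uid/gid values from the `id` output above
D, F = stat.S_IFDIR, stat.S_IFREG
KEY_PATH = [
    ("/", D | 0o755, ROOT, ROOT),             # assumed, not shown in the post
    ("/etc", D | 0o755, ROOT, ROOT),          # assumed, not shown in the post
    ("/etc/ssl", D | 0o755, ROOT, ROOT),      # assumed, not shown in the post
    ("/etc/ssl/private", D | 0o710, ROOT, SSL_CERT),   # drwx--x---
    ("/etc/ssl/private/ssl-cert-snakeoil.key", F | 0o640, ROOT, SSL_CERT),
]
POSTGRES_UID, POSTGRES_GROUPS = 110, {115, 114}

if __name__ == "__main__":
    print(can_lstat(KEY_PATH, POSTGRES_UID, POSTGRES_GROUPS))
    print(can_read(KEY_PATH, POSTGRES_UID, POSTGRES_GROUPS))
```

Under these rules the only bit that matters for the failing `ls -l` is the group search bit on `/etc/ssl/private`, which the `ssl-cert` membership satisfies, so the mode bits and group list shown above do not by themselves account for a denial.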