linux docker linux-kernel hashicorp-vault

Why does Vault by HashiCorp require the ipc_lock capability to be enabled?

Solution

It's required for this server config option: https://www.vaultproject.io/docs/configuration/index.html#disable_mlock

It uses the mlock syscall which blocks process memory from being swapped to disk. By default this is enabled as you want to avoid swapping your Vault memory onto unencrypted disk.

Usually that capability comes up when running Vault within a container, which I believe allows the container to access the mlock syscall without escalating privileges.

Getting an error that states "printf.c: No such file or directory" while using GDB on a very basic C program for temperature conversion
When a user process swaps out a page, is the virtual address of the page in user space or kernel space?
X11 compositing: how to manually update redirected window
Linux uptime history
Python at Synology, how to get Python3 modules installed and where is Python2.7 installed?
WARNING: erroneous pipeline: no element "rtspclientsink"
Why no call fstab64 after read? And can this be a problem?
How can I force changing the keyboard layout in Linux in IDE?
ExecStart in systemd service does not support file names containing *
How to list first level directories only in C?
Using the passwd command from within a shell script
confused by sys_stat, sys_statfs syscall works
How do you normalize a file path in Bash?
How can I recall the argument of the previous bash command?
Getting code 2 while building with dockerfile
How to determine pid of process started via os.system
How would I use strings inside a for loop?
Add a prefix string to beginning of each line
Using awk to print all columns from the nth to the last
Reading data from PDF files into R
Add New Kernel Parameter To Custom Linux Image Generated By Yocto
Installing GCC from source on Alpine
Cannot find /lib64/ld-linux-x86-64.so.2
How can I install libstdc++6 for my app on Heroku?
how can i change the venv of my current shell from within a python script
Linux mint drag & drop files on my program's desktop icon
mkdir -p fails when directory exists
Unable to start postgresql service on CentOS 7
Git - how to remove branch from checkout autocomplete
Getting a "-bash: [: : integer expression expected" error on bash shell startup in arch