Bug 584644

Environment:

Gentoo with openrc init system but this might also (partly) be true for systemd.

Symptom:

After configuring vault the service immediately crashes after "/etc/init.d/vault start". The logs say this:

"""
Error initializing core: Failed to lock memory: cannot allocate memory

This usually means that the mlock syscall is not available.
Vault uses mlock to prevent memory from being swapped to
disk. This requires root privileges as well as a machine
that supports mlock. Please enable mlock on your system or
disable Vault from using it. To disable Vault from using it,
set the `disable_mlock` configuration option in your configuration
file.
Error initializing core: Failed to lock memory: cannot allocate memory

This usually means that the mlock syscall is not available.
Vault uses mlock to prevent memory from being swapped to
disk. This requires root privileges as well as a machine
that supports mlock. Please enable mlock on your system or
disable Vault from using it. To disable Vault from using it,
set the `disable_mlock` configuration option in your configuration
file.
"""

A look into the ebuild shows the following lines:

"""
FILECAPS=(
    -m 755 'cap_ipc_lock=+ei' usr/bin/${PN}
)
"""

The vault documentation https://www.vaultproject.io/docs/config/ sais:

"""
sudo setcap cap_ipc_lock=+ep $(readlink -f $(which vault))
"""

So the ebuild should do:

"""
FILECAPS=(
    -m 755 'cap_ipc_lock=+ep' usr/bin/${PN}
)
"""

There is also a bug in the init.d template:

"""
command_args="agent -config-dir=/etc/vault.d ${command_args}"
"""

The command for starting the server is "server" not "agent".
Also the "server" command does not know the argument "-config-dir".
So this line should be:

"""
command_args="server ${command_args}"
"""