Thank you!

On 6/11/15 7:04 PM, kikuc...@uranus.dti.ne.jp wrote:
> Thank you for your reply!
>
> Just appended, is this OK?
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=48471
>
>
> On Thu, 11 Jun 2015 18:24:43 -0700, Alfred Perlstein <alf...@freebsd.org>
> wrote:
>> Can a bugzilla or github request please be made for this so that it
>> doesn't get lost?
>>
>> thank you,
>> -Alfred
>>
>> On 6/11/15 6:17 PM, kikuc...@uranus.dti.ne.jp wrote:
>>> Hello,
>>>
>>> I'm (still) trying to figure out how jail-aware SysV IPC mechanism should
>>> be.
>>>
>>> I want to run PostgreSQL in each jail without changing UID for each jail.
>>> If you don't change UID on each jail, it doesn't work due to IPC objects
>>> conflict between jails.
>>> See also;
>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=48471
>>> http://www.freebsddiary.org/jail-multiple.php
>>> https://wiki.freebsd.org/Jails
>>> https://forums.freebsd.org/threads/postgresql-in-jail.51528/
>>>
>>> There is a patch for 4.7-STABLE on bugzilla (see above) to solve the
>>> problem by completely separating namespace for each jail in kernel,
>>> but I couldn't find any (other) implementation that works on recent FreeBSD.
>>> I've also tried to re-write the patch for recent FreeBSD, but I couldn't
>>> make it properly due to my limited kernel knowledge ;(
>>>
>>> Anyway, I created (and update) a patch to try to solve the problem by
>>> simply separating IPC key_t space for each jail.
>>> The attached patch can be applied to 10-STABLE (or CURRENT?).
>>>
>>> After the patch is applied;
>>> - IPC objects created on parent jail, are invisible to children.
>>> - IPC objects created on neighbor jail, are also invisible to each other.
>>> - IPC objects created on child jail, are VISIBLE from parent.
>>> - IPC key_t spaces are separated between jails. If you see the key_t named
>>> object from parent, it's shown as IPC_PRIVATE.
>>>
>>> I choose this design of feature, however, I'm not sure this is the right
>>> design for jail-aware IPC.
>>> If you prefer the completely separated namespace approach, it's ok. I want
>>> to focus on how the IPC mechanism dealing with hierarchical jail system.
>>>
>>> So I need more feedback. Could you help me please?
>>> You can dig and play with ipcs(1)/ipcrm(1) to see what happened on each jail.
>>>
>>> Thanks.
>>>
>>> --
>>> Kikuchan
>>>
>>>
>>> _______________________________________________
>>> freebsd-hack...@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>>> To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
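
Added example (not part of the thread and not the attached kernel patch): a user-space C model of the four visibility rules listed in the quoted proposal, useful for checking what each jail should see in ipcs(1). All struct and function names are hypothetical; it assumes "parent" extends to every ancestor jail and that a lookup by key only matches objects owned by the calling jail.

```c
/* Model of the proposed jail-aware SysV IPC visibility rules.
 * Illustration only: names are hypothetical, not FreeBSD kernel symbols. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>

struct jail { int id; const struct jail *parent; };  /* parent == NULL: host */
struct ipc_obj { key_t key; const struct jail *owner; };

/* True if 'j' is 'anc' itself or nested anywhere below it. */
static int jail_is_within(const struct jail *j, const struct jail *anc)
{
    for (; j != NULL; j = j->parent)
        if (j == anc)
            return 1;
    return 0;
}

/* Visible from the owning jail and its ancestors (assumption: all of them);
 * never from a child jail or a neighbor jail. */
int ipc_visible(const struct jail *viewer, const struct ipc_obj *o)
{
    return jail_is_within(o->owner, viewer);
}

/* Key as listed to 'viewer': the real key only inside the owning jail. */
key_t ipc_shown_key(const struct jail *viewer, const struct ipc_obj *o)
{
    return (o->owner == viewer) ? o->key : IPC_PRIVATE;
}

/* Lookup by key, as a shmget/semget/msgget on an existing key would do:
 * equal keys in different jails never match each other. */
const struct ipc_obj *ipc_find(const struct jail *caller, key_t key,
                               const struct ipc_obj *tbl, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (key != IPC_PRIVATE && tbl[i].owner == caller && tbl[i].key == key)
            return &tbl[i];
    return NULL;
}

/* Constructed sample: host -> jail_a -> jail_a1, and host -> jail_b. */
static const struct jail host = {0, NULL}, jail_a = {1, &host},
                         jail_a1 = {2, &jail_a}, jail_b = {3, &host};
static const struct ipc_obj objs[] = {
    {5432001, &jail_a}, {5432001, &jail_b}, {5432001, &jail_a1}, {77, &host} };

int main(void)
{
    printf("jail_a sees jail_a1's object: %d (key shown as %ld)\n",
           ipc_visible(&jail_a, &objs[2]), (long)ipc_shown_key(&jail_a, &objs[2]));
    printf("jail_a1 sees jail_a's object: %d\n", ipc_visible(&jail_a1, &objs[0]));
    return 0;
}
```

The same key (5432001, constructed) is used in three jails on purpose: it stands in for several PostgreSQL instances running under one UID, which is the collision the proposal is meant to remove.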