On Sun, Apr 02, 2006 at 04:32:31PM -0300, Marc G. Fournier wrote: > On Sun, 2 Apr 2006, Kris Kennaway wrote: > > >On Sun, Apr 02, 2006 at 02:55:39PM -0300, Marc G. Fournier wrote: > >> > >>Back in April '05, someone posted a thread about PostgreSQL within FreeBSD > >>jails: > >> > >>http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2005-04/0837.html > >> > >>At the time (and to date) I reported that I was running several PostgreSQL > >>daemons, all on the same port, using FreeBSD 4.x, and all within a jail > >>each ... and I continue to do this without any problems ... > >> > >>Today, on our new FreeBSD 6.x machine, I am now experiencing the same > >>problem that Alexander originally reported ... > >> > >>Its not PostgreSQL related ... I'm running 4x7.4 servers on a FreeBSD 4.x > >>box, all on the same port ... here, I'm trying to run 2x7.4 servers on a > >>FreeBSD RELENG_6 box ... > >> > >>So, something has changed with FreeBSD 6's (and, according to the above > >>thread, 5's) use of shared memory and semaphores that is breaking the > >>ability to do this ... something that did work as hoped in FreeBSD 4 ... > > > >See jail(8)? > > If you are referring to: > > security.jail.sysvipc_allowed > This MIB entry determines whether or not processes within a jail > have access to System V IPC primitives. In the current jail > imple- > mentation, System V primitives share a single namespace across the > host and jail environments, meaning that processes within a jail > would be able to communicate with (and potentially interfere with) > processes outside of the jail, and in other jails. As such, this > functionality is disabled by default, but can be enabled by > setting > this MIB entry to 1. > > That wording hasn't changed since FreeBSD4.x, so you are saying that > FreeBSD6.x has become *less* stable/secure in this regard then FreeBSD 4.x > was? Seems an odd direction to go ...
No, as you say the wording hasn't changed: "meaning that processes within a jail would be able to communicate with (and potentially interfere with) processes outside of the jail, and in other jails.". It looks like your postgresql's are doing this. Kris
pgpv5MJlLzo0c.pgp
Description: PGP signature
