On Wed, 27 Mar 2002, Tom Lane wrote:

> "Joel Burton" <[EMAIL PROTECTED]> writes:
> >> This will allow you to run a single postgres in a single jail only one
> >> user would have access to it. If you try to run more than one it will
> >> try to use the same shared memory and crash.
>
> > Is this, in fact, the case?
>
> Unless BSD jails have very bizarre shared memory behavior, this is
> nonsense. PG can easily run multiple postmasters in the same machine
> (there are currently four postmasters of different vintages alive on
> the machine I'm typing this on). Give each one a different database
> directory and a unique port number, and you're good to go.
>
> It might be that postmasters in different jails on the same machine
> would have to be assigned different port numbers to keep them from
> conflicting. Don't know exactly how airtight a BSD jail is ...
> but there is an interaction between port number and shared memory
> key. I can imagine that a jail that hides processes but not shared
> memory segments might confuse our startup logic that tries to detect
> whether an existing shared memory segment is safe to reuse or not.
> Perhaps your ISP has seen failures of that type from trying to
> start multiple postmasters on the same port number in different
> jails.

FreeBSD jails are supposed to put just about everything into different
namespaces/contention domains/whatever. You can't see processes running
outside a jail from within it, you can't see files outside your jail,
you can only use your jail's IP address, etc. However, this doesn't work
for SYSV IPC (not in FreeBSD-STABLE, at least) and everything goes into
one machine-wide namespace - hence the sysctl to turn it on/off.

PostgreSQL will run quite happily using different port numbers in
different jails - but the port numbers MUST be different. Since the ISP
is probably using jails to make multiple users as unaware of each other
as possible this might be a problem for them...

You should probably also consider that someone in /another/ jail might
be able to get access to your shared memory segments. This would, most
likely, be a bad thing to happen.
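
Added example, not part of the original messages and not PostgreSQL's code: a small C program showing why two servers that derive their SysV shared-memory key from the same port collide when they share one IPC namespace, and how to check that a segment is owner-only. The `key_for_port` formula, the port numbers 54320/54321, and the use of one process to stand in for two jails are assumptions made for illustration.

```c
/* Added example: SysV shared-memory keys share one namespace, so two
 * servers deriving the same key from the same port collide. */
#include <errno.h>
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Assumed derivation: the thread only says the key depends on the port. */
static key_t key_for_port(int port) { return (key_t)port * 1000 + 1; }

/* One server claiming its segment; IPC_EXCL refuses to reuse an existing
 * one. Returns the shmid, or -1 with errno set. */
static int claim_segment(int port) {
    return shmget(key_for_port(port), 4096, IPC_CREAT | IPC_EXCL | 0600);
}

/* 1 if group/other have no access. A process with the same numeric uid
 * anywhere in the namespace still passes the kernel's check. */
static int owner_only(int shmid) {
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) != 0) return -1;
    return (ds.shm_perm.mode & 077) == 0;
}

/* Returns 0 when same-port claims collide and a different port does not. */
int run_demo(void) {
    int first = claim_segment(54320);            /* constructed port numbers */
    if (first < 0) return -1;
    int second = claim_segment(54320);           /* "other jail", same port */
    int collided = (second < 0 && errno == EEXIST);
    int other = claim_segment(54321);            /* different port, new key */
    int ok = collided && other >= 0 && owner_only(first) == 1;
    if (second >= 0) shmctl(second, IPC_RMID, NULL);
    if (other >= 0) shmctl(other, IPC_RMID, NULL);
    shmctl(first, IPC_RMID, NULL);
    return ok ? 0 : 1;
}

int main(void) {
    int rc = run_demo();
    printf("%s\n", rc == 0 ? "same port collides, different port is fine"
                           : "unexpected result (is SysV IPC available?)");
    return rc == 0 ? 0 : 1;
}
```

On a host where jails share the SysV IPC namespace, `ipcs -m` run from any of them lists the same segments, which is a quick way to confirm whether the isolation described above is in effect.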