Need for SysV IPC to be confined to jail instances
Dear all,

I have come to understand that PostgreSQL needs SysV IPC. I haven't tried to figure out why exactly, but I'm sure they have good reasons.

As I came to understand, if you enable jail_sysvipc_allow in rc.conf I am defeating the purpose of a jail. So basically if you want pgsql in a jail you're wanting something which is impossible on FreeBSD.

I got a suggestion that it might be possible to have SysV IPC confined to a jail instance and perhaps let it work like a telephone number. Every jail gets localized IPC numbers, and systemwide they just become jailid + localized ipc number.

I was wondering if this is at all possible and if so how I would go about submitting a PR for this.

Kind Regards,
Gabor
Re: Need for SysV IPC to be confined to jail instances
On Sat, Nov 24, 2007 at 12:11:18PM +0100, Gabor Tjong A Hung wrote:
> As I came to understand, if you enable jail_sysvipc_allow in rc.conf I am
> defeating the purpose of a jail.

Not totally defeating the purpose but SysV IPC is not jail-aware so any jailed process can see and affect the global SysV IPC state.

> I got a suggestion that it might be possible to have sys v ipc confined to
> a jail instance and perhaps let it work like a telephone number.

This has come up before. See (eg):
http://www.freebsd.org/cgi/query-pr.cgi?pr=48471
and the thread beginning
http://lists.freebsd.org/pipermail/freebsd-current/2006-April/062261.html

-- 
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement an MTA that is either RFC2821-compliant or matches their claimed behaviour.
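
Added example, not part of either message and not FreeBSD code: a small C program showing the property the reply describes, namely that a SysV shared memory segment is found by its numeric key alone, so any process with a view of the same IPC state and sufficient permissions can attach to it. The key value and message are constructed for the demo, and the second process is a forked child of the same user rather than a process in another jail.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_KEY ((key_t)0x4A41494C)   /* constructed, arbitrary key */
#define DEMO_MSG "written by process A"

/* Returns 1 if a second process located and read the segment using only
 * the key, 0 if it could not, -1 if the segment could not be set up. */
int second_process_sees_segment(void)
{
    /* IPC_EXCL: refuse to reuse a segment that someone else already owns. */
    int id = shmget(DEMO_KEY, 4096, IPC_CREAT | IPC_EXCL | 0600);
    if (id == -1)
        return -1;
    char *mem = shmat(id, NULL, 0);
    if (mem == (void *)-1) { shmctl(id, IPC_RMID, NULL); return -1; }
    strcpy(mem, DEMO_MSG);

    pid_t pid = fork();
    if (pid == 0) {
        /* Child: drop the inherited mapping, then look the segment up by
         * key alone, the way an unrelated process would. */
        shmdt(mem);
        int cid = shmget(DEMO_KEY, 0, 0);
        if (cid == -1) _exit(1);
        char *cmem = shmat(cid, NULL, SHM_RDONLY);
        if (cmem == (void *)-1) _exit(1);
        _exit(strcmp(cmem, DEMO_MSG) == 0 ? 0 : 1);
    }
    int status = 0, result = -1;
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        result = (WEXITSTATUS(status) == 0);
    shmdt(mem);
    shmctl(id, IPC_RMID, NULL);        /* always remove the demo segment */
    return result;
}

int main(void)
{
    int r = second_process_sees_segment();
    printf("lookup by key alone %s\n", r == 1 ? "succeeded" : "failed");
    return r == 1 ? 0 : 1;
}
```

The only thing standing between the second process and the segment is the 0600 mode, which is why a key namespace that is not partitioned per jail leaves jails that run services under the same numeric uid able to reach each other's segments.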