From owner-freebsd-questions Wed Apr 24 8:46:17 2002
Date: Wed, 24 Apr 2002 16:44:49 +0100 (BST)
From: Alex Hayward
To: Frans Haarman
Subject: Re: will postgresql run in a jail ?
In-Reply-To: <1019641981.3716.16.camel@tesla>

On 24 Apr 2002, Frans Haarman wrote:

> In the developers handbook I found
>
> ``jail is a very useful tool for running applications in a secure
> environment but it does have some shortcomings. Currently, the IPC
> mechanisms have not been converted to the suser_xxx so applications such
> as MySQL cannot be run within a jail.''
>
> I was wondering if this has changed yet (running 4-STABLE), and if
> postgres uses the same mechanisms.

If you turn the jail.sysvipc_allowed sysctl on then you can use SYSV IPC
from within jails. PostgreSQL runs just fine with this turned on. It does,
however, use a single global space of SYSV IPC identifiers which means
that you can get at PostgreSQL's shared memory from other jails thus
losing you some of the security advantages.
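An added example, not part of the original message, showing the property the reply relies on: a SysV shared memory segment is found through a numeric key in one system-wide space, so a second process that knows the key can attach to it, limited only by the segment's mode bits. `DEMO_KEY`, the helper names and the sample data are constructed for illustration, and the program does not set up a jail.

```c
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_KEY  ((key_t)0x4A41494C)  /* constructed key standing in for a server's key */
#define DEMO_SIZE 4096

/* "Server" side: create a 0600 segment and store data in it. Returns shmid or -1. */
int create_segment(key_t key, const char *msg)
{
    int id = shmget(key, DEMO_SIZE, IPC_CREAT | 0600);
    if (id == -1) return -1;
    char *p = shmat(id, NULL, 0);
    if (p == (void *)-1) { shmctl(id, IPC_RMID, NULL); return -1; }
    strncpy(p, msg, DEMO_SIZE - 1);
    p[DEMO_SIZE - 1] = '\0';
    shmdt(p);
    return id;
}

/* "Other process" side: knows only the key. Returns 0 and copies the data, or -1. */
int read_by_key(key_t key, char *out, size_t n)
{
    int id = shmget(key, 0, 0);          /* lookup in the single global key space */
    if (id == -1) return -1;
    char *p = shmat(id, NULL, SHM_RDONLY);
    if (p == (void *)-1) return -1;      /* mode bits vs. caller's uid decide this */
    snprintf(out, n, "%s", p);
    shmdt(p);
    return 0;
}

int remove_segment(int id) { return shmctl(id, IPC_RMID, NULL); }

int main(void)
{
    char buf[64] = "";
    int st = 1, id = create_segment(DEMO_KEY, "row data");
    if (id == -1) { perror("shmget"); return 1; }
    pid_t pid = fork();                  /* child plays the unrelated process */
    if (pid == 0) _exit(read_by_key(DEMO_KEY, buf, sizeof buf) == 0 ? 0 : 1);
    if (pid > 0) waitpid(pid, &st, 0);
    printf("second process %s the segment\n", st == 0 ? "read" : "could not reach");
    remove_segment(id);
    return 0;
}
```

The 0600 mode is the access control that remains in this demo: the key lookup itself succeeds for any process that knows the key, and a non-root caller under a different uid is refused only at attach time.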