Date: Wed, 24 Apr 2002 16:44:49 +0100 (BST) From: Alex Hayward <xelah@xelah.com> To: Frans Haarman <frans@haarman.com> Cc: <questions@freebsd.org> Subject: Re: will postgresql run in a jail ? Message-ID: <Pine.LNX.4.33.0204241640390.31406-100000@sphinx.mythic-beasts.com> In-Reply-To: <1019641981.3716.16.camel@tesla>
next in thread | previous in thread | raw e-mail | index | archive | help
On 24 Apr 2002, Frans Haarman wrote: > In the developers handbook I found > > ``jail is a very useful tool for running applications in a secure > environment but it does have some shortcomings. Currently, the IPC > mechanisms have not been converted to the suser_xxx so applications such > as MySQL cannot be run within a jail.'' > > I was wondering if this has changed yet (running 4-STABLE), and if > postgres uses the same mechanisms. If you turn the jail.sysvipc_allowed sysctl on then you can use SYSV IPC from within jails. PostgreSQL runs just fine with this turned on. It does, however, use a single global space of SYSV IPC identifiers which means that you can get at PostgreSQL's shared memory memory from other jails thus losing you some of the security advantages. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.33.0204241640390.31406-100000>