Date: Fri, 27 Aug 2004 16:57:25 +0000 From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: Dmitry Karasik <dmitry@karasik.eu.org> Cc: hackers@freebsd.org Subject: Re: shared memory in jails Message-ID: <20040827165725.A36937@stf01.seccuris.com> In-Reply-To: <84zn4g7go5.fsf_-_@plab.ku.dk>; from dmitry@karasik.eu.org on Fri, Aug 27, 2004 at 05:18:50PM %2B0200 References: <84zn4g7go5.fsf_-_@plab.ku.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 27 Aug 2004 Dmitry Karasik wrote: > > Hi hackers, > > I've been playing with shared memory in jails, and very soon found > out that one jail's segments are visible (didn't check the accesibility > thoroughly) in another, which IMO is against the very idea of the jail. > ( The exact problem is that postgresqls, when run in jails, try to use same > set of IPC keys and (expectedly) fail ). Yes, this is a known issue with prisons. iirc for this very reason we default security.jail.sysvipc_allowed to 0. I think it would be beneficial to solve this problem, however I have not had much time to look into it. -- Christian S.J. Peron csjp@FreeBSD.ORG FreeBSD Committer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040827165725.A36937>