From owner-freebsd-hackers@FreeBSD.ORG Fri Aug 27 16:57:27 2004
Date: Fri, 27 Aug 2004 16:57:25 +0000
From: "Christian S.J. Peron"
To: Dmitry Karasik
cc: hackers@freebsd.org
Subject: Re: shared memory in jails
Message-ID: <20040827165725.A36937@stf01.seccuris.com>
In-Reply-To: <84zn4g7go5.fsf_-_@plab.ku.dk>; from dmitry@karasik.eu.org on Fri, Aug 27, 2004 at 05:18:50PM +0200
References: <84zn4g7go5.fsf_-_@plab.ku.dk>

On 27 Aug 2004 Dmitry Karasik wrote:
>
> Hi hackers,
>
> I've been playing with shared memory in jails, and very soon found
> out that one jail's segments are visible (didn't check the accessibility
> thoroughly) in another, which IMO is against the very idea of the jail.
> ( The exact problem is that postgresqls, when run in jails, try to use same
> set of IPC keys and (expectedly) fail ).

Yes, this is a known issue with prisons. iirc for this very reason we
default security.jail.sysvipc_allowed to 0.

I think it would be beneficial to solve this problem, however I have not
had much time to look into it.

--
Christian S.J. Peron
csjp@FreeBSD.ORG
FreeBSD Committer
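
The key collision described in this thread, modelled as an added example (not code from the thread or from FreeBSD): two calls in one process stand in for two servers that share a single kernel-wide System V key namespace, as the thread reports for jails with SysV IPC enabled. The key value and the server_a_/server_b_ function names are constructed for illustration.

```c
/* Added illustration: the key and the server_a_/server_b_ names are constructed. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <unistd.h>

#define SEG_SIZE 4096
/* The PID is mixed into the key only so repeated runs do not clash. */
static key_t demo_key(void) { return (key_t)(0x4A000000 | (getpid() & 0x00FFFFFF)); }

/* "Server A": claim the key exclusively and store a marker. Returns shmid or -1. */
int server_a_create(key_t key, const char *marker) {
    int id = shmget(key, SEG_SIZE, IPC_CREAT | IPC_EXCL | 0600);
    if (id < 0) return -1;
    char *p = shmat(id, NULL, 0);
    if (p == (char *)-1) { shmctl(id, IPC_RMID, NULL); return -1; }
    strncpy(p, marker, SEG_SIZE - 1);   /* new segments are zero-filled */
    shmdt(p);
    return id;
}

/* "Server B": the same exclusive claim. Returns 0 on success, else the errno. */
int server_b_claim(key_t key) {
    int id = shmget(key, SEG_SIZE, IPC_CREAT | IPC_EXCL | 0600);
    if (id < 0) return errno;
    shmctl(id, IPC_RMID, NULL);         /* got a fresh segment: release it again */
    return 0;
}

/* "Server B": look the key up and read it. 1 = A's marker visible, 0 = not, -1 = error. */
int server_b_sees(key_t key, const char *marker) {
    int id = shmget(key, 0, 0);         /* size 0, no flags: find existing segment */
    char *p = id < 0 ? (char *)-1 : shmat(id, NULL, SHM_RDONLY);
    if (p == (char *)-1) return -1;
    int same = strcmp(p, marker) == 0;
    shmdt(p);
    return same;
}

int main(void) {
    key_t key = demo_key();
    int id = server_a_create(key, "jail-A");
    if (id < 0) { perror("shmget/shmat"); return 1; }
    printf("B claim: %s, B sees A's data: %d\n",
           strerror(server_b_claim(key)), server_b_sees(key, "jail-A"));
    shmctl(id, IPC_RMID, NULL);         /* always remove the demo segment */
    return 0;
}
```

Both calls here run under one uid, so the read succeeds; between real jails, whether the contents are readable also depends on the segment's mode and owner.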