From owner-freebsd-security  Thu Sep 28 17:17:53 2000
Delivered-To: freebsd-security@freebsd.org
Received: from thelab.hub.org (CDR20-55.accesscable.net [24.138.20.55])
	by hub.freebsd.org (Postfix) with ESMTP id E72F037B509
	for <freebsd-security@FreeBSD.ORG>; Thu, 28 Sep 2000 17:16:41 -0700 (PDT)
Received: from localhost (scrappy@localhost)
	by thelab.hub.org (8.11.0/8.11.0) with ESMTP id e8T0F9604394;
	Thu, 28 Sep 2000 21:15:11 -0300 (ADT)
	(envelope-from scrappy@hub.org)
X-Authentication-Warning: thelab.hub.org: scrappy owned process doing -bs
Date: Thu, 28 Sep 2000 21:15:09 -0300 (ADT)
From: The Hermit Hacker <scrappy@hub.org>
To: Paulo Fragoso <paulo@nlink.com.br>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Jail + PostgreSQL
In-Reply-To: <Pine.BSF.4.10.10009281013250.83565-100000@mirage.nlink.com.br>
Message-ID: <Pine.BSF.4.21.0009282111000.662-100000@thelab.hub.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


default kernel install has Shared memory set too low in order that you can
run N postmasters on the same machine ... I'm using the following settings
in my kernel to allow me to run 5 on the same machine:

options		SYSVSHM
options         SHMMAXPGS=524288
options         SHMSEG=64

options         SYSVSEM
options         SEMMNI=80
options         SEMMNS=480
options         SEMMNU=240
options         SEMMAP=240

options         SYSVMSG                 #SYSV-style message queues

you can also use the -B and -N options to reduce the amount of shared
memory that is used on the system ...

On Thu, 28 Sep 2000, Paulo Fragoso wrote:

> Hi,
> 
> We've got two jails's in same FreeBSD box. Sendmail, httpd, sshd are
> running fine but postgresql fails on startup in two jails (jails
> environment):
> 
> pg_ctl: It seems another postmaster is running. Try to start postmaster
> anyway.
> pg_ctl: Cannot start postmaster. Is another postmaster is running?
> IpcSemaphoreCreate: semget failed (No space left on device) key=5432015,
> num=16, permission=600
> This type of error is usually caused by an improper
> shared memory or System V IPC semaphore configuration.
> For more information, see the FAQ and platform-specific
> FAQ's in the source directory pgsql/doc or on our
> web site at http://www.postgresql.org.
> FATAL 1:  InitProcGlobal: IpcSemaphoreCreate failed
> 
> If we kill all postgres in all jails and we start postgresql manually on
> frist jail after this we start postgresql on second jail all work fine.
> 
> Are there any problem with shared memory using jail? Is this a security
> problem?
> 
> Many thanks,
> Paulo.
> 
> -- 
>    __O
>  _-\<,_     Why drive when you can bike?
> (_)/ (_)
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org 
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message