From owner-freebsd-hackers@FreeBSD.ORG Fri Jun 12 02:11:34 2015
From: kikuchan@uranus.dti.ne.jp
To: Alfred Perlstein
Date: Fri, 12 Jun 2015 11:04:25 +0900
Subject: Re: How to implement jail-aware SysV IPC (with my nasty patch)

Thank you for your reply!
Just appended, is this OK?
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=48471

On Thu, 11 Jun 2015 18:24:43 -0700, Alfred Perlstein wrote:
> Can a bugzilla or github request please be made for this so that it
> doesn't get lost?
>
> thank you,
> -Alfred
>
> On 6/11/15 6:17 PM, kikuchan@uranus.dti.ne.jp wrote:
>> Hello,
>>
>> I'm (still) trying to figure out how jail-aware SysV IPC mechanism should be.
>>
>> I want to run PostgreSQL in each jail without changing UID for each jail.
>> If you don't change UID on each jail, it doesn't work due to IPC objects conflict between jails.
>> See also:
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=48471
>> http://www.freebsddiary.org/jail-multiple.php
>> https://wiki.freebsd.org/Jails
>> https://forums.freebsd.org/threads/postgresql-in-jail.51528/
>>
>> There is a patch for 4.7-STABLE on bugzilla (see above) to solve the problem by completely separating namespace for each jail in kernel,
>> but I couldn't find any (other) implementation that works on recent FreeBSD.
>> I've also tried to re-write the patch for recent FreeBSD, but I couldn't make it properly due to my limited kernel knowledge ;(
>>
>> Anyway, I created (and updated) a patch to try to solve the problem by simply separating IPC key_t space for each jail.
>> The attached patch can be applied to 10-STABLE (or CURRENT?).
>>
>> After the patch is applied:
>> - IPC objects created on parent jail are invisible to children.
>> - IPC objects created on neighbor jail are also invisible to each other.
>> - IPC objects created on child jail are VISIBLE from parent.
>> - IPC key_t spaces are separated between jails. If you see the key_t named object from parent, it's shown as IPC_PRIVATE.
>>
>> I chose this design of feature, however, I'm not sure this is the right design for jail-aware IPC.
>> If you prefer the completely separated namespace approach, it's ok. I want to focus on how the IPC mechanism deals with hierarchical jail system.
>>
>> So I need more feedback. Could you help me please?
>> You can dig and play with ipcs(1)/ipcrm(1) to see what happened on each jail.
>>
>> Thanks.
>>
>> --
>> Kikuchan
>>
>> _______________________________________________
>> freebsd-hackers@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
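
The four visibility rules listed in the quoted message, modeled in user space as an added example; this is not the attached patch and not FreeBSD kernel code. The types, jail names and key values are constructed for illustration, and treating the host as the root of the jail hierarchy is an assumption of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Model only: constructed types, not FreeBSD kernel structures. */
#define MODEL_IPC_PRIVATE 0L            /* stands in for IPC_PRIVATE */
struct jail_model { const char *name; const struct jail_model *parent; };
struct ipc_model  { long key; const struct jail_model *owner; };

/* Constructed hierarchy: host -> {a, b}, a -> a1. */
static const struct jail_model jail_host = { "host", NULL };
static const struct jail_model jail_a    = { "a",  &jail_host };
static const struct jail_model jail_b    = { "b",  &jail_host };
static const struct jail_model jail_a1   = { "a1", &jail_a };
/* Constructed objects: a and b reuse one key, as two PostgreSQL jails with one UID would. */
static const struct ipc_model objs[] = {
    { 5432001L, &jail_a }, { 5432001L, &jail_b }, { 77L, &jail_a1 },
};
#define NOBJS (sizeof(objs) / sizeof(objs[0]))

/* Visible when the owning jail is the viewer or one of its descendants. */
bool ipc_visible(const struct jail_model *viewer, const struct ipc_model *o) {
    for (const struct jail_model *j = o->owner; j != NULL; j = j->parent)
        if (j == viewer)
            return true;
    return false;
}

/* Key as listed to the viewer: the real key only inside the owning jail. */
long ipc_shown_key(const struct jail_model *viewer, const struct ipc_model *o) {
    return o->owner == viewer ? o->key : MODEL_IPC_PRIVATE;
}

/* Lookup by key searches only the caller's own key space. */
const struct ipc_model *ipc_lookup(const struct jail_model *caller, long key) {
    for (size_t i = 0; key != MODEL_IPC_PRIVATE && i < NOBJS; i++)
        if (objs[i].owner == caller && objs[i].key == key)
            return &objs[i];
    return NULL;
}

int main(void) {
    const struct jail_model *viewers[] = { &jail_host, &jail_a, &jail_b, &jail_a1 };
    for (size_t v = 0; v < 4; v++)
        for (size_t i = 0; i < NOBJS; i++)
            if (ipc_visible(viewers[v], &objs[i]))
                printf("%s sees object of %s, key %ld\n", viewers[v]->name,
                    objs[i].owner->name, ipc_shown_key(viewers[v], &objs[i]));
    return 0;
}
```

In this model the same key resolves to a different object in each jail, and a parent can list a child's object but cannot reach it by key.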