From: Tom Lane
To: Robert Watson
Cc: "Marc G. Fournier", pgsql-hackers@postgresql.org, freebsd-stable@FreeBSD.org, Kris Kennaway
Date: Mon, 03 Apr 2006 13:07:39 -0400
Message-ID: <14905.1144084059@sss.pgh.pa.us>
Subject: Re: [HACKERS] semaphore usage "port based"?

Robert Watson writes:
> Maybe I've misunderstood the problem here -- is the use of the GETPID
> operation occurring within a coordinated set of server processes, or does it
> also occur between client and server processes?  I think it's quite reasonable
> to argue that a coordinated set of server processes should be able to see each
> other, especially if they're running as the same user, in the same jail,
> started at the same time.

We use the semaphore sets only within postgres server processes; we
could hardly expect client processes to be able to get at them, since
in general clients aren't on the same machine.

The issue here, though, is that Marc is trying to start multiple
postgres servers in different jails, and in that context the different
postgres servers aren't "coordinated" in any real sense.  We'd prefer
that they didn't interact at all, but they are interacting because the
SysV code isn't restricting IPC to occur only within a jail.

BTW, Marc, it occurs to me that a workaround for you would be to create
a separate userid for postgres to run under in each jail; then the
regular protection mechanisms would prevent the different postmasters
from interfering with each other's semaphore sets.  But I think that
workaround just makes it even clearer that the jail mechanism isn't
behaving very sanely.

> I would, in general, consider the use of System
> V IPC across jails (as opposed to in a single jail) unsupported, since it's
> not consistent with the security model.

That'd be fine with me --- the problem here is that we've got unwanted
communication across jails.  If, say, the jail ID were considered part
of semaphore keys, we'd be in fine shape.

			regards, tom lane
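
The key collision discussed in this message, as an added C example that is not part of the original mail and is not PostgreSQL's code: two claims on one SysV key stand in for two uncoordinated servers whose jails share a single key namespace, and the second claim finds the first one's set and reads its last-operator PID with GETPID. The names `claim_sem_key` and `demo_collision` and the sample key are hypothetical; `CLAIM_DENIED` is the outcome when the existing set has mode 0600 and belongs to a different userid, which is what the per-jail userid workaround relies on.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <unistd.h>

enum claim { CLAIM_CREATED, CLAIM_IN_USE, CLAIM_DENIED, CLAIM_ERROR };

/* Hypothetical helper: claim `key` exclusively, as an independent server would.
 * On a collision, report the PID that last operated on the existing set. */
enum claim claim_sem_key(key_t key, int *semid, pid_t *last_pid)
{
    struct sembuf up = { .sem_num = 0, .sem_op = 1, .sem_flg = 0 };
    int pid;
    *last_pid = -1;
    *semid = semget(key, 1, IPC_CREAT | IPC_EXCL | 0600);
    if (*semid >= 0)    /* new set: semop() records us as the last operator */
        return semop(*semid, &up, 1) == 0 ? CLAIM_CREATED : CLAIM_ERROR;
    if (errno != EEXIST) return CLAIM_ERROR;
    *semid = semget(key, 0, 0);          /* key is taken: look up the set */
    if (*semid < 0)
        return errno == EACCES ? CLAIM_DENIED : CLAIM_ERROR;
    pid = semctl(*semid, 0, GETPID);     /* needs read permission on the set */
    if (pid < 0)
        return errno == EACCES ? CLAIM_DENIED : CLAIM_ERROR;
    *last_pid = (pid_t)pid;
    return CLAIM_IN_USE;
}

/* Two claims on one key stand in for two servers.
 * Returns 0 when the second claim saw the first one's set. */
int demo_collision(key_t key)
{
    int id_a, id_b;
    pid_t who;
    enum claim second;
    if (claim_sem_key(key, &id_a, &who) != CLAIM_CREATED)
        return 1;
    second = claim_sem_key(key, &id_b, &who);
    semctl(id_a, 0, IPC_RMID);           /* remove the constructed set */
    if (second != CLAIM_IN_USE) return 2;
    return (id_b == id_a && who == getpid()) ? 0 : 3;
}

int main(void)
{
    key_t key = (key_t)(0x5a000000 + (getpid() & 0xffff)); /* constructed sample key */
    printf("collision demo result: %d\n", demo_collision(key));
    return 0;
}
```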