Date: Mon, 3 Apr 2006 15:50:18 -0400 From: Stephen Frost <sfrost@snowman.net> To: Tom Lane <tgl@sss.pgh.pa.us> Cc: freebsd-stable@FreeBSD.org, "Marc G. Fournier" <scrappy@postgresql.org>, pgsql-hackers@postgresql.org, Robert Watson <rwatson@FreeBSD.org>, Kris Kennaway <kris@obsecurity.org> Subject: Re: [HACKERS] semaphore usage "port based"? Message-ID: <20060403195018.GG4474@ns.snowman.net> In-Reply-To: <14905.1144084059@sss.pgh.pa.us> References: <26985.1144029657@sss.pgh.pa.us> <20060402231232.C947@ganymede.hub.org> <27148.1144030940@sss.pgh.pa.us> <20060402232832.M947@ganymede.hub.org> <20060402234459.Y947@ganymede.hub.org> <27417.1144033691@sss.pgh.pa.us> <20060403164139.D36756@fledge.watson.org> <14654.1144082224@sss.pgh.pa.us> <20060403174043.S76562@fledge.watson.org> <14905.1144084059@sss.pgh.pa.us>
next in thread | previous in thread | raw e-mail | index | archive | help
--xtjQnVSMpkrbsJsT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline * Tom Lane (tgl@sss.pgh.pa.us) wrote: > BTW, Marc, it occurs to me that a workaround for you would be to create > a separate userid for postgres to run under in each jail; then the > regular protection mechanisms would prevent the different postmasters > from interfering with each others' semaphore sets. But I think that > workaround just makes it even clearer that the jail mechanism isn't > behaving very sanely. Just to toss it in there, I do this on some systems where we use Linux VServers. It's just so that when I'm looking at a process list across the whole system it's easy to tell which processes are inside which vservers (since the only thing which should be running in a given vserver is a single Postgres instance which should only be running with the uid/gid corresponding to that vserver, and that uid/gid is recorded in the host passwd file with a name associated with it since that's the passwd file used when looking at all pids). I also just double-checked with the Linux VServer folks and they confirm that IPC inside the vserver are isolated from all the other IPCs on the system. Thanks, Stephen --xtjQnVSMpkrbsJsT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFEMXx6rzgMPqB3kigRArK1AJ43NLH2KgS2LlDu2R/Ve8e3+EZisQCgglFE xWfDo3k/xSbIRvAo8yEw0Ys= =tH0M -----END PGP SIGNATURE----- --xtjQnVSMpkrbsJsT--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060403195018.GG4474>