From: Mark Martinec
To: freebsd-stable@freebsd.org
Subject: Is System V IPC namespace still shared across jails?
Organization: Jozef Stefan Institute
Date: Mon, 12 Dec 2016 20:24:58 +0100

Regarding installation of PostgreSQL in a FreeBSD jail, the web holds plenty of warnings/advice that each postgres instance should have a unique UID, otherwise they stumble across each other's feet:

| allow.sysvipc
| A process within the jail has access to System V IPC primitives. In the
| current jail implementation, System V primitives share a single namespace
| across the host and jail environments, meaning that processes within a jail
| would be able to communicate with (and potentially interfere with) processes
| outside of the jail, and in other jails.

Is this still the case in FreeBSD 11.0 ???

I remember hearing rumors that the System V namespace no longer is (will?) be shared across jails. (Couldn't find it being mentioned in release notes.)

Mark