Date: Sun, 2 Apr 2006 16:32:31 -0300 (ADT)
From: "Marc G. Fournier"
To: Kris Kennaway
Cc: freebsd-stable@freebsd.org
Subject: Re: [FreeBSD 6] semctl broken compared to 4-STABLE ...
Message-ID: <20060402162612.N947@ganymede.hub.org>
In-Reply-To: <20060402191519.GA56599@xor.obsecurity.org>

On Sun, 2 Apr 2006, Kris Kennaway wrote:

> On Sun, Apr 02, 2006 at 02:55:39PM -0300, Marc G. Fournier wrote:
>>
>> Back in April '05, someone posted a thread about PostgreSQL within FreeBSD
>> jails:
>>
>> http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2005-04/0837.html
>>
>> At the time (and to date) I reported that I was running several PostgreSQL
>> daemons, all on the same port, using FreeBSD 4.x, and all within a jail
>> each ... and I continue to do this without any problems ...
>>
>> Today, on our new FreeBSD 6.x machine, I am now experiencing the same
>> problem that Alexander originally reported ...
>>
>> It's not PostgreSQL related ... I'm running 4x7.4 servers on a FreeBSD 4.x
>> box, all on the same port ... here, I'm trying to run 2x7.4 servers on a
>> FreeBSD RELENG_6 box ...
>>
>> So, something has changed with FreeBSD 6's (and, according to the above
>> thread, 5's) use of shared memory and semaphores that is breaking the
>> ability to do this ... something that did work as hoped in FreeBSD 4 ...
>
> See jail(8)?

If you are referring to:

     security.jail.sysvipc_allowed
          This MIB entry determines whether or not processes within a jail
          have access to System V IPC primitives.  In the current jail
          implementation, System V primitives share a single namespace
          across the host and jail environments, meaning that processes
          within a jail would be able to communicate with (and potentially
          interfere with) processes outside of the jail, and in other
          jails.  As such, this functionality is disabled by default, but
          can be enabled by setting this MIB entry to 1.

That wording hasn't changed since FreeBSD4.x, so you are saying that
FreeBSD6.x has become *less* stable/secure in this regard than FreeBSD 4.x
was?  Seems an odd direction to go ...

Please note, I'm not expecting FreeBSD 6.x to be *more* secure as far as
namespaces are concerned for shared memory ... I'm just not expecting
FreeBSD 6.x to create problems that didn't exist in 4.x :(

And, by the fact that I have 17 PostgreSQL daemons, all running on port
5432, on my FreeBSD 4.x box right now, I *know* that this did work with 4.x
...

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org     Yahoo!: yscrappy     ICQ: 7615664
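
The single System V IPC namespace described in the jail(8) excerpt quoted in the message above can be seen with two claimants of one semaphore key. This is an added example, not part of the original message and not FreeBSD or PostgreSQL code; the key value and function names are constructed for illustration, and both claimants run in one process to stand in for two daemons that share the namespace.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>

/* Constructed key for this example; not a value from the thread. */
#define DEMO_KEY ((key_t)0x5EC0DE01)

/* Create a semaphore set under `key` the way a daemon does at startup:
 * exclusive create, owner-only permissions. Returns the id or -errno. */
int claim_sem_key(key_t key)
{
    int id = semget(key, 1, IPC_CREAT | IPC_EXCL | 0600);
    return id >= 0 ? id : -errno;
}

/* Look up an existing set under `key` without creating one. */
int lookup_sem_key(key_t key)
{
    int id = semget(key, 1, 0);
    return id >= 0 ? id : -errno;
}

/* Two instances pick the same key in one shared namespace. Returns what the
 * second instance gets back, or INT_MIN if the first could not set up. */
int second_claim_result(void)
{
    int first = claim_sem_key(DEMO_KEY);
    if (first < 0)
        return INT_MIN;
    int second = claim_sem_key(DEMO_KEY);   /* collides with the first */
    int seen = lookup_sem_key(DEMO_KEY);    /* resolves to the first's set */
    semctl(first, 0, IPC_RMID);             /* clean up the demo set */
    if (seen != first)
        return INT_MIN;
    return second;
}

int main(void)
{
    int r = second_claim_result();
    printf("second claim: %s\n",
           r == -EEXIST ? "EEXIST (key already taken)" : "unexpected");
    return r == -EEXIST ? 0 : 1;
}
```

On a host with jails, `sysctl security.jail.sysvipc_allowed` shows whether jailed processes can reach this namespace at all, and `ipcs -s` on the host lists the semaphore sets currently in it.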