Date: Mon, 03 Apr 2006 13:07:39 -0400
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: "Marc G. Fournier" <scrappy@postgresql.org>, pgsql-hackers@postgresql.org, freebsd-stable@FreeBSD.org, Kris Kennaway <kris@obsecurity.org>
Subject: Re: [HACKERS] semaphore usage "port based"?
Message-ID: <14905.1144084059@sss.pgh.pa.us>
In-Reply-To: <20060403174043.S76562@fledge.watson.org>
References: <20060402163504.T947@ganymede.hub.org> <25422.1144016604@sss.pgh.pa.us> <25526.1144017388@sss.pgh.pa.us> <20060402213921.V947@ganymede.hub.org> <26524.1144026385@sss.pgh.pa.us> <20060402222843.X947@ganymede.hub.org> <26796.1144028094@sss.pgh.pa.us> <20060402225204.U947@ganymede.hub.org> <26985.1144029657@sss.pgh.pa.us> <20060402231232.C947@ganymede.hub.org> <27148.1144030940@sss.pgh.pa.us> <20060402232832.M947@ganymede.hub.org> <20060402234459.Y947@ganymede.hub.org> <27417.1144033691@sss.pgh.pa.us> <20060403164139.D36756@fledge.watson.org> <14654.1144082224@sss.pgh.pa.us> <20060403174043.S76562@fledge.watson.org>

Robert Watson <rwatson@FreeBSD.org> writes:
> Maybe I've misunderstood the problem here -- is the use of the GETPID
> operation occurring within a coordinated set of server processes, or does it
> also occur between client and server processes?  I think it's quite reasonable
> to argue that a coordinated set of server processes should be able to see each
> other, especially if they're running as the same user, in the same jail,
> started at the same time.

We use the semaphore sets only within postgres server processes; we
could hardly expect client processes to be able to get at them, since
in general clients aren't on the same machine.

The issue here, though, is that Marc is trying to start multiple
postgres servers in different jails, and in that context the different
postgres servers aren't "coordinated" in any real sense.  We'd prefer
that they didn't interact at all, but they are interacting because the
SysV code isn't restricting IPC to occur only within a jail.

BTW, Marc, it occurs to me that a workaround for you would be to create
a separate userid for postgres to run under in each jail; then the
regular protection mechanisms would prevent the different postmasters
from interfering with each other's semaphore sets.  But I think that
workaround just makes it even clearer that the jail mechanism isn't
behaving very sanely.

> I would, in general, consider the use of System
> V IPC across jails (as opposed to in a single jail) unsupported, since it's
> not consistent with the security model.

That'd be fine with me --- the problem here is that we've got unwanted
communication across jails.  If, say, the jail ID were considered part
of semaphore keys, we'd be in fine shape.

			regards, tom lane
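
Added example, not part of the message above and not FreeBSD or PostgreSQL code: a small user-space model of key lookup in a SysV semaphore namespace shared by two jails, contrasting the unwanted interaction, the separate-userid workaround, and the idea of making the jail ID part of the key. The key value, uids, jail numbers, and the names `model_semget` and `servers_share_set` are assumptions for illustration; root's permission bypass is not modelled.

```c
/* User-space model only (added example); sample values are constructed. */
#include <errno.h>
#include <stdio.h>

#define MAX_SETS 8
struct semset { int used; long key; int jail; unsigned uid; };
struct ipc_ns { struct semset sets[MAX_SETS]; int key_includes_jail; };

/* Model of semget(key, n, IPC_CREAT | 0600) issued by `uid` inside `jail`.
 * Returns a set id >= 0, or -EACCES / -ENOSPC; *created is 1 for a new set. */
int model_semget(struct ipc_ns *ns, long key, int jail, unsigned uid, int *created)
{
    int free_slot = -1;
    *created = 0;
    for (int i = 0; i < MAX_SETS; i++) {
        struct semset *s = &ns->sets[i];
        if (!s->used) { if (free_slot < 0) free_slot = i; continue; }
        if (s->key != key) continue;
        if (ns->key_includes_jail && s->jail != jail) continue; /* proposed rule */
        /* Key names an existing set: mode 0600 admits only the owning uid. */
        return s->uid == uid ? i : -EACCES;
    }
    if (free_slot < 0) return -ENOSPC;
    ns->sets[free_slot] = (struct semset){1, key, jail, uid};
    *created = 1;
    return free_slot;
}

/* Two servers choose the same key, one in jail 1 and one in jail 2.
 * Returns 1 if the second server is handed the first server's set. */
int servers_share_set(int key_includes_jail, unsigned uid1, unsigned uid2, int *second_rc)
{
    struct ipc_ns ns = {0};
    int created;
    ns.key_includes_jail = key_includes_jail;
    int first = model_semget(&ns, 5432001, 1, uid1, &created);
    *second_rc = model_semget(&ns, 5432001, 2, uid2, &created);
    return *second_rc == first && !created;
}

int main(void)
{
    int rc;
    printf("same uid, global keys:   shared=%d\n", servers_share_set(0, 70, 70, &rc));
    printf("separate uid per jail:   shared=%d rc=%d\n", servers_share_set(0, 70, 71, &rc), rc);
    printf("jail id part of the key: shared=%d\n", servers_share_set(1, 70, 70, &rc));
    return 0;
}
```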