Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 1 Feb 2016 21:04:15 +0200
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Jov <zhao6014@gmail.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Fwd: [BUGS] BUG #13900: stop standby failed with writer process hang(happen 3 times in 2 days)
Message-ID:  <20160201190415.GO91220@kib.kiev.ua>
In-Reply-To: <CADyrUxOw%2Bn-ZB9f71v9PFjB_Mk=x8-DMZWqsD0GXK0DYEVw2fA@mail.gmail.com>
References:  <20160130071346.31022.37189@wrigleys.postgresql.org> <CADyrUxM9jWVrUZYkUYP6vxgg_eWOuCqCQTqEERQ6iSq11DjUeA@mail.gmail.com> <20160131162929.GI91220@kib.kiev.ua> <CADyrUxOw%2Bn-ZB9f71v9PFjB_Mk=x8-DMZWqsD0GXK0DYEVw2fA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, Feb 01, 2016 at 10:07:18AM +0800, Jov wrote:
> Thanks Belousov! this is the output:
> root@fb:~ # ps axlHww | grep 979
> 1001   979     1   0    4  0 196940   8236 -        Ds    -      0:06.03
> postgres: writer process    (postgres)
>    0 48614 48587   0   20  0  18824   2252 piperd   S+    0      0:00.00
> grep 979
> 
> 
> I use PostgreSQL on FreeBSD more than 3 years and this is the first time I
> have problems.
> I am suspicious of this problem related with the harden of the security of
> the FreeBSD, I add these entry to all of my server aouble one month ago:
I doubt that this is related.

The problem you reported is somewhat known, I am not sure about the state
of it on stable/9.  There were some fixes on HEAD and stable/10, there
were many attempts of changes.  I currently believe that it is mostly
fixed, and ony pending fix is a minor patch I provided for several
people.  But this is only for HEAD and 10.



> 
> security.bsd.see_other_uids=0
> security.bsd.see_other_gids=0
> security.bsd.unprivileged_read_msgbuf=0
> security.bsd.unprivileged_proc_debug=0
> security.bsd.hardlink_check_uid=1
> security.bsd.hardlink_check_gid=1

> security.bsd.stack_guard_page=1
This setting would do nothing for you.

> security.bsd.unprivileged_mlock=0
And this one causes less 'security' since programs like gpg no longer can
allocate non-swappable memory for sensitive data without setuid.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160201190415.GO91220>