Date: Mon, 12 Dec 2016 20:24:58 +0100
From: Mark Martinec <Mark.Martinec+freebsd@ijs.si>
To: freebsd-stable@freebsd.org
Subject: Is System V IPC namespace still shared across jails?
Message-ID: <bd0104e960902c42acef95555c0fc37f@ijs.si>

Regarding installation of PostgreSQL in a FreeBSD jail, the web holds
plenty of warnings/advice that each postgres instance should have a
unique UID, otherwise they stumble across each other's feet:

| allow.sysvipc
| A process within the jail has access to System V IPC primitives. In the
| current jail implementation, System V primitives share a single namespace
| across the host and jail environments, meaning that processes within a jail
| would be able to communicate with (and potentially interfere with) processes
| outside of the jail, and in other jails.

Is this still the case in FreeBSD 11.0?

I remember hearing rumors that the System V namespace no longer is (will?)
be shared across jails. (Couldn't find it being mentioned in release notes.)

Mark
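
What the quoted "single namespace" means in practice, as an added example that is not part of the original message: two processes that use the same System V key reach the same shared-memory segment. The function name, result bits and key are constructed for illustration, and both processes run in one environment here, standing in for two jails that share the namespace.

```c
#include <errno.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/wait.h>
#include <unistd.h>

#define SEG_SIZE 4096
#define SAW_EEXIST   1  /* second exclusive create on the same key was refused */
#define SAME_SEGMENT 2  /* lookup by key returned the first process's segment  */
#define OVERWRITTEN  4  /* first process's data was changed by the second      */

/* Returns a bitmask of the effects above, or -1 if setup failed. */
int shared_key_collision(key_t key)
{
    int id = shmget(key, SEG_SIZE, IPC_CREAT | IPC_EXCL | 0600);
    if (id == -1)
        return -1;
    char *mem = shmat(id, NULL, 0);
    if (mem == (char *)-1) {
        shmctl(id, IPC_RMID, NULL);
        return -1;
    }
    strcpy(mem, "instance A");
    pid_t pid = fork();
    if (pid == 0) {                       /* "instance B": same UID, same key */
        int bits = 0;
        if (shmget(key, SEG_SIZE, IPC_CREAT | IPC_EXCL | 0600) == -1 && errno == EEXIST)
            bits |= SAW_EEXIST;
        int other = shmget(key, 0, 0);    /* plain lookup by key */
        if (other == id)
            bits |= SAME_SEGMENT;
        char *theirs = (other == -1) ? (char *)-1 : shmat(other, NULL, 0);
        if (theirs != (char *)-1)
            strcpy(theirs, "instance B"); /* interferes with instance A's data */
        _exit(bits);
    }
    int status = 0, bits = -1;
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status)) {
        bits = WEXITSTATUS(status);
        if (strcmp(mem, "instance B") == 0)
            bits |= OVERWRITTEN;
    }
    shmdt(mem);
    shmctl(id, IPC_RMID, NULL);           /* always remove the demo segment */
    return bits;
}

/* 0x6a61696c is a constructed key; exit status 0 means all three effects were seen. */
int main(void) { return shared_key_collision((key_t)0x6a61696c) == 7 ? 0 : 1; }
```

The 0600 mode is why the advice about unique UIDs matters: with the namespace shared, the permission check on the segment's owner is the only thing separating two instances that pick the same key.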