On Mon, 3 Apr 2006, Stephen Frost wrote:
>> This is why it's disabled by default, and the jail documentation
>> specifically advises of this possibility. Excerpt below.
>
> Ah, I see, glad to see it's accurately documented.
As it has been for the last five years, I believe since introduction of the
setting to allow System V IPC to be used with documented limitations.
> Given the rather significant use of shared memory by Postgres it seems to me
> that jail'ing it under FBSD is unlikely to get you the kind of isolation
> between instances that you want (the assumption being that you want to avoid
> the possibility of a user under one jail impacting a user in another jail).
> As such, I'd suggest finding something else if you truely need that
> isolation for Postgres or dropping the jails entirely.
>
> Running the Postgres instances under different uids (as you'd probably
> expect to do anyway if not using the jails) is probably the right approach.
> Doing that and using jails would probably work, just don't delude yourself
> into thinking that you're safe from a malicious user in one jail.
Yes, there seems to be an awful lot of noise being made about the fact that
the system does, in fact, work exactly as documented, and that the
configuration being complained about is one that is specifically documented as
being unsupported and undesirable.
As commented elsewhere in this thread, currently, there is no virtualization
support for System V IPC in the FreeBSD Jail implementation. That may change
if/when someone implements it. Until it's implemented, it isn't going to be
there, and the system won't behave as though it's there no matter how much
jumping up and down is done.
Robert N M Watson