Shared memory and FreeBSD's jail()
| От | lister |
|---|---|
| Тема | Shared memory and FreeBSD's jail() |
| Дата | |
| Msg-id | 428CA6B8.4030001@primetime.com обсуждение исходный текст |
| Ответы |
Re: Shared memory and FreeBSD's jail()
Re: Shared memory and FreeBSD's jail() Re: Shared memory and FreeBSD's jail() |
| Список | pgsql-general |
At the BSDCan tutorial last week on jails (and several other times) there was discussion regarding Postgres's use of system V style shared memory, and an unfortunate side effect of making jail() less secure. Specifically, to allow Postgres to operate in a jail()ed environment, the sysctl : jail.sysvipc_allowed=1 has to be set. This allows ALL jails to access the memory, at the least leaving Postgres open to attack, at the worst allowing a door into who knows what security breach. Question : is there any way to run Postgres securely in a jail?
В списке pgsql-general по дате отправления: