Skip site navigation (1) Skip section navigation (2)

Re: initdb dies during IpcSemaphoreCreate under BSD jail

From: Alex Hayward <xelah(at)xelah(dot)com>
To: PostgresSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: initdb dies during IpcSemaphoreCreate under BSD jail
Date: 2002-03-27 10:56:24
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
On Wed, 27 Mar 2002, Tom Lane wrote:

> "Joel Burton" <joel(at)joelburton(dot)com> writes:
> >> This will allow you to run a single postgres in a single jail only one
> >> user would have access to it.  If you try to run more then one it will
> >> try to use the same shared memory and crash.
> > Is this, in fact, the case?
> Unless BSD jails have very bizarre shared memory behavior, this is
> nonsense.  PG can easily run multiple postmasters in the same machine
> (there are currently four postmasters of different vintages alive on
> the machine I'm typing this on).  Give each one a different database
> directory and a unique port number, and you're good to go.
> It might be that postmasters in different jails on the same machine
> would have to be assigned different port numbers to keep them from
> conflicting.  Don't know exactly how airtight a BSD jail is ...
> but there is an interaction between port number and shared memory
> key.  I can imagine that a jail that hides processes but not shared
> memory segments might confuse our startup logic that tries to detect
> whether an existing shared memory segment is safe to reuse or not.
> Perhaps your ISP has seen failures of that type from trying to
> start multiple postmasters on the same port number in different
> jails.

FreeBSD jails are supposed to put just about everything in to different
namespaces/contention domains/whatever. You can't see processes running
outside a jail from within it, you can't see files outside your jail, you
can only use your jail's IP address, etc. However, this doesn't work for
SYSV IPC (not in FreeBSD-STABLE, at least) and everything goes in to one
machine-wide namespace - hence the sysctl to turn it on/off.

PostgreSQL will run quite happily using different port numbers in
different jails - but the port numbers MUST be different. Since the ISP is
probably using jails to make multiple users as unaware of each other as
possible this might be a problem for them...

You should probably also consider that someone in /another/ jail might be
able to get access to your shared memory segments. This would, most
likely, be a bad thing to happen.

In response to

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2002-03-27 10:58:29
Subject: Re: Mailing List Question
Previous:From: Oliver ElphickDate: 2002-03-27 09:46:04
Subject: Linux/mips compile: [Fwd: Bug#139003: a little bit more isneeded...]

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group