From: | Alex Hayward <xelah(at)xelah(dot)com> |
---|---|
To: | PostgresSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: initdb dies during IpcSemaphoreCreate under BSD jail |
Date: | 2002-03-27 10:56:24 |
Message-ID: | Pine.LNX.4.33.0203271047050.6431-100000@sphinx.mythic-beasts.com |
Lists: | pgsql-hackers |
On Wed, 27 Mar 2002, Tom Lane wrote:
> "Joel Burton" <joel(at)joelburton(dot)com> writes:
> >> This will allow you to run a single postgres in a single jail only one
> >> user would have access to it. If you try to run more than one it will
> >> try to use the same shared memory and crash.
>
> > Is this, in fact, the case?
>
> Unless BSD jails have very bizarre shared memory behavior, this is
> nonsense. PG can easily run multiple postmasters in the same machine
> (there are currently four postmasters of different vintages alive on
> the machine I'm typing this on). Give each one a different database
> directory and a unique port number, and you're good to go.
>
> It might be that postmasters in different jails on the same machine
> would have to be assigned different port numbers to keep them from
> conflicting. Don't know exactly how airtight a BSD jail is ...
> but there is an interaction between port number and shared memory
> key. I can imagine that a jail that hides processes but not shared
> memory segments might confuse our startup logic that tries to detect
> whether an existing shared memory segment is safe to reuse or not.
> Perhaps your ISP has seen failures of that type from trying to
> start multiple postmasters on the same port number in different
> jails.

FreeBSD jails are supposed to put just about everything into different
namespaces/contention domains/whatever. You can't see processes running
outside a jail from within it, you can't see files outside your jail, you
can only use your jail's IP address, etc. However, this doesn't work for
SYSV IPC (not in FreeBSD-STABLE, at least) and everything goes into one
machine-wide namespace - hence the sysctl to turn it on/off.

PostgreSQL will run quite happily using different port numbers in
different jails - but the port numbers MUST be different. Since the ISP is
probably using jails to make multiple users as unaware of each other as
possible this might be a problem for them...

You should probably also consider that someone in /another/ jail might be
able to get access to your shared memory segments. This would, most
likely, be a bad thing to happen.
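
The machine-wide SysV IPC namespace described in this message, as an added example that is not part of the original email or PostgreSQL's code: a small C program in which two servers sharing one namespace derive a shared memory key from the same port, so the second exclusive create is refused, followed by a read-back of a segment's permission bits. The `key_for_port` mapping and port 54329 are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Hypothetical port-to-key mapping, assumed for this example only. */
static key_t key_for_port(int port) { return (key_t)port * 1000; }

/* Exclusive create: returns a shmid, or -1 with errno set (EEXIST if taken). */
static int create_segment(int port, int mode)
{
    return shmget(key_for_port(port), 4096, IPC_CREAT | IPC_EXCL | mode);
}

/* Two servers on the same port in one SysV namespace: 1 if the second is
 * refused because the key exists, 0 if not, -1 if the first create failed. */
int same_port_collides(int port)
{
    int first = create_segment(port, 0600);
    if (first == -1)
        return -1;
    int second = create_segment(port, 0600);
    int collided = (second == -1 && errno == EEXIST);
    if (second != -1)
        shmctl(second, IPC_RMID, NULL);
    shmctl(first, IPC_RMID, NULL);
    return collided;
}

/* Create a segment with `mode`, read it back with IPC_STAT: 1 if group/other
 * bits are set (any uid sharing the namespace may attach), 0 if owner-only. */
int exposed_with_mode(int port, int mode)
{
    struct shmid_ds ds;
    int id = create_segment(port, mode);
    if (id == -1)
        return -1;
    int rc = shmctl(id, IPC_STAT, &ds);
    shmctl(id, IPC_RMID, NULL);
    return rc == -1 ? -1 : (ds.shm_perm.mode & 077) != 0;
}

int main(void)
{
    printf("same port collides: %d\n", same_port_collides(54329));
    printf("mode 0600 exposed:  %d\n", exposed_with_mode(54329, 0600));
    printf("mode 0666 exposed:  %d\n", exposed_with_mode(54329, 0666));
    return 0;
}
```

Both calls run in one process here; jails that share the SysV IPC namespace see the same key space, so the same refusal occurs across jail boundaries.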