Re: initdb dies during IpcSemaphoreCreate under BSD jail
| От | Alex Hayward |
|---|---|
| Тема | Re: initdb dies during IpcSemaphoreCreate under BSD jail |
| Дата | |
| Msg-id | Pine.LNX.4.33.0203271047050.6431-100000@sphinx.mythic-beasts.com обсуждение исходный текст |
| Ответ на | Re: initdb dies during IpcSemaphoreCreate under BSD jail (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Wed, 27 Mar 2002, Tom Lane wrote: > "Joel Burton" <joel@joelburton.com> writes: > >> This will allow you to run a single postgres in a single jail only one > >> user would have access to it. If you try to run more then one it will > >> try to use the same shared memory and crash. > > > Is this, in fact, the case? > > Unless BSD jails have very bizarre shared memory behavior, this is > nonsense. PG can easily run multiple postmasters in the same machine > (there are currently four postmasters of different vintages alive on > the machine I'm typing this on). Give each one a different database > directory and a unique port number, and you're good to go. > > It might be that postmasters in different jails on the same machine > would have to be assigned different port numbers to keep them from > conflicting. Don't know exactly how airtight a BSD jail is ... > but there is an interaction between port number and shared memory > key. I can imagine that a jail that hides processes but not shared > memory segments might confuse our startup logic that tries to detect > whether an existing shared memory segment is safe to reuse or not. > Perhaps your ISP has seen failures of that type from trying to > start multiple postmasters on the same port number in different > jails. FreeBSD jails are supposed to put just about everything in to different namespaces/contention domains/whatever. You can't see processes running outside a jail from within it, you can't see files outside your jail, you can only use your jail's IP address, etc. However, this doesn't work for SYSV IPC (not in FreeBSD-STABLE, at least) and everything goes in to one machine-wide namespace - hence the sysctl to turn it on/off. PostgreSQL will run quite happily using different port numbers in different jails - but the port numbers MUST be different. Since the ISP is probably using jails to make multiple users as unaware of each other as possible this might be a problem for them... You should probably also consider that someone in /another/ jail might be able to get access to your shared memory segments. This would, most likely, be a bad thing to happen.
В списке pgsql-hackers по дате отправления: