shared memory in jails
Christian S.J. Peron
csjp at FreeBSD.org
Fri Aug 27 09:57:27 PDT 2004
On 27 Aug 2004 Dmitry Karasik wrote:
>
> Hi hackers,
>
> I've been playing with shared memory in jails, and very soon found
> out that one jail's segments are visible (didn't check the accesibility
> thoroughly) in another, which IMO is against the very idea of the jail.
> ( The exact problem is that postgresqls, when run in jails, try to use same
> set of IPC keys and (expectedly) fail ).
Yes, this is a known issue with prisons. iirc for this very reason
we default security.jail.sysvipc_allowed to 0.
I think it would be beneficial to solve this problem, however I have
not had much time to look into it.
--
Christian S.J. Peron
csjp at FreeBSD.ORG
FreeBSD Committer
More information about the freebsd-hackers
mailing list