jail + postgresql + System V IPC

Oliver Fromme olli at lurza.secnetix.de
Wed Sep 10 09:32:11 PDT 2003


Michael Sig Birkmose <birkmose at cs.auc.dk> wrote:
 > I have recently installed a jail environment on my freebsd box, and had some
 > problems getting postgresql running under it.
 > After looking a bit on various mailing lists I figured out that I needed to
 > set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql
 > run.
 > 
 > However man jail gives me:
 > [...]

In other words, shared memory and semaphores exist only
once on the machine, not per-jail.  That means that a
process in a jail is not completely isolated from other
processes in other jails (or in the host environment)
which also use shared memory or semaphores.

 > Reading this it sounds like setting jail.sysvipc_allowed=1 is a bad idea?
 > So I guess my question is, whether it is a big security risk to run
 > postgresql in a jail?

No, I wouldn't say that.  It is still _much_ better than
not running PostgreSQL in a jail at all.

You can use the command "ipcs" to check the current usage
of shared memory and semaphores.  Chances are that
PostgreSQL is the only program using them.

 > And what if I am running postgresql in both the host
 > environment and the jailed environment? Will I be asking for trouble?

No, they will just each acquire and use their own shared
memory and semaphores.  However, it doesn't make sense to
run more than one PostgreSQL instance on one machine.
In particular, why would you want to run only one of them
in a jail?  Also note that running more than one instance
on a physical machine will lower the performance.

 > I
 > managed to get things running, and so far I haven't had problems, but I was
 > wondering if it is safe to run postgresql + jail. I have seen an ISP
 > offering freebsd jails, and they have a list regarding downsides of running
 > jail (such as you can't use ICMP, shared hardware etc etc). In this list
 > they also include that you can't run postgresql. This just makes me wonder
 > even more if this cocktail is a good idea :)

They decided not to set the sysctl, in order to improve
isolation.  Probably a very good idea on a shell box.
I assume you don't intend to offer user shells on the
same machine running your PostgreSQL.

Apart from that, what would you do instead?  Not run
PostgreSQL at all?

Regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"Documentation is like sex; when it's good, it's very, very good,
and when it's bad, it's better than nothing."
        -- Dick Brandon
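A defender's check for the single machine-wide IPC namespace Oliver describes, added here as an example and not part of the thread: it parses ipcs(1) output (the FreeBSD column layout T ID KEY MODE OWNER GROUP is assumed; the sample below is constructed) and flags objects not owned by the expected database user or whose mode bits let other users, in any jail, attach to them.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits System V shared memory
# and semaphore objects, which are global to the host when
# jail.sysvipc_allowed=1, so a permissive mode is reachable from every jail.
# Assumed layout of `ipcs -m -s` (FreeBSD): T ID KEY MODE OWNER GROUP,
# with MODE rendered like "--rw-------" (2 flag chars + 9 permission chars).

# Constructed sample standing in for real `ipcs -m -s` output.
SAMPLE_IPCS='Shared Memory:
T           ID          KEY MODE        OWNER    GROUP
m        65536      5432001 --rw-------  pgsql    pgsql
m        65537      5432002 --rw-rw-rw-  pgsql    pgsql
m        65538            0 --rw-r--r--  www      www

Semaphores:
T           ID          KEY MODE        OWNER    GROUP
s        65536      5432001 --rw-------  pgsql    pgsql
s        65537           42 --rw-rw-rw-  www      www'

# audit_ipc EXPECTED_OWNER  (reads ipcs output on stdin)
# Prints "<type> <id> <reason>" per offending object.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_ipc() {
    expected="$1"
    found=0
    while read -r type id key mode owner group; do
        # Only m/s/q rows are objects; titles, headers and blanks are skipped.
        case "$type" in m|s|q) ;; *) continue ;; esac
        # Characters 6.. of MODE are the group and other permission bits.
        others=$(printf '%s' "$mode" | cut -c6-)
        reason=""
        if [ "$owner" != "$expected" ]; then
            reason="owner $owner is not $expected"
        elif printf '%s' "$others" | grep -q '[rw]'; then
            reason="mode $mode grants group/other access"
        fi
        if [ -n "$reason" ]; then
            echo "$type $id $reason"
            found=1
        fi
    done
    return $found
}

# Run against the constructed sample; on a real host use:
#   ipcs -m -s | audit_ipc pgsql
printf '%s\n' "$SAMPLE_IPCS" | audit_ipc pgsql
```

Exit status 1 means at least one object needs attention; the flagged lines tell you whether the fix is a chown or a tighter mode on the creating process.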