[HACKERS] semaphore usage "port based"?
Stephen Frost
sfrost at snowman.net
Mon Apr 3 19:50:11 UTC 2006
* Tom Lane (tgl at sss.pgh.pa.us) wrote:
> BTW, Marc, it occurs to me that a workaround for you would be to create
> a separate userid for postgres to run under in each jail; then the
> regular protection mechanisms would prevent the different postmasters
> from interfering with each others' semaphore sets. But I think that
> workaround just makes it even clearer that the jail mechanism isn't
> behaving very sanely.
Just to toss it in there, I do this on some systems where we use Linux
VServers. It's just so that when I'm looking at a process list across
the whole system it's easy to tell which processes are inside which
vservers (since the only thing which should be running in a given
vserver is a single Postgres instance which should only be running with
the uid/gid corresponding to that vserver, and that uid/gid is recorded
in the host passwd file with a name associated with it since that's the
passwd file used when looking at all pids).
I also just double-checked with the Linux VServer folks and they confirm
that IPC inside the vserver are isolated from all the other IPCs on the
system.
Thanks,
Stephen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060403/2cac3220/attachment.pgp
More information about the freebsd-stable
mailing list