[FreeBSD 6] semctl broken compared to 4-STABLE ...

Marc G. Fournier scrappy at hub.org
Sun Apr 2 19:54:33 UTC 2006


On Sun, 2 Apr 2006, Kris Kennaway wrote:

> On Sun, Apr 02, 2006 at 04:32:31PM -0300, Marc G. Fournier wrote:
>> On Sun, 2 Apr 2006, Kris Kennaway wrote:
>>
>>> On Sun, Apr 02, 2006 at 02:55:39PM -0300, Marc G. Fournier wrote:
>>>>
>>>> Back in April '05, someone posted a thread about PostgreSQL within FreeBSD
>>>> jails:
>>>>
>>>> http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2005-04/0837.html
>>>>
>>>> At the time (and to date) I reported that I was running several PostgreSQL
>>>> daemons, all on the same port, using FreeBSD 4.x, and all within a jail
>>>> each ... and I continue to do this without any problems ...
>>>>
>>>> Today, on our new FreeBSD 6.x machine, I am now experiencing the same
>>>> problem that Alexander originally reported ...
>>>>
>>>> It's not PostgreSQL related ... I'm running 4x7.4 servers on a FreeBSD 4.x
>>>> box, all on the same port ... here, I'm trying to run 2x7.4 servers on a
>>>> FreeBSD RELENG_6 box ...
>>>>
>>>> So, something has changed with FreeBSD 6's (and, according to the above
>>>> thread, 5's) use of shared memory and semaphores that is breaking the
>>>> ability to do this ... something that did work as hoped in FreeBSD 4 ...
>>>
>>> See jail(8)?
>>
>> If you are referring to:
>>
>>      security.jail.sysvipc_allowed
>>           This MIB entry determines whether or not processes within a jail
>>           have access to System V IPC primitives.  In the current jail
>>           implementation, System V primitives share a single namespace
>>           across the host and jail environments, meaning that processes
>>           within a jail would be able to communicate with (and potentially
>>           interfere with) processes outside of the jail, and in other jails.
>>           As such, this functionality is disabled by default, but can be
>>           enabled by setting this MIB entry to 1.
>>
>> That wording hasn't changed since FreeBSD4.x, so you are saying that
>> FreeBSD6.x has become *less* stable/secure in this regard than FreeBSD 4.x
>> was?  Seems an odd direction to go ...
>
> No, as you say the wording hasn't changed: "meaning that processes
> within a jail would be able to communicate with (and potentially
> interfere with) processes outside of the jail, and in other jails.".
> It looks like your postgresql's are doing this.

Right, but why are they doing it *consistently* in FreeBSD 6.x, when they 
never did it in FreeBSD 4.x?  I have postmaster processes running on the 
FreeBSD box as far back as November 27th, 2005 ... and have *never* 
experienced this problem ... so it isn't PostgreSQL that has changed, 
something in FreeBSD has changed :(

# ps aux | grep postmaster | egrep -v "postmaster:" | grep -- -D
pgsql   16135  0.0  0.1 17480 3572  ??  SsJ  Fri01AM   0:09.52 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql   39518  0.0  0.1 17132 2920  ??  SsJ  Mon12AM   0:05.96 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
scrappy 83192  0.0  0.3 155164 11368  ??  SsJ  25Mar06  46:11.12 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
scrappy 51478  0.0  0.0 17076 1612  ??  SsJ  31Jan06   2:38.68 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
scrappy 18356  0.0  0.1 81320 2000  ??  SsJ  24Jan06  56:57.87 /usr/local/bin/postmaster -D /usr/local/pgsql/data -S (postgres)
pgsql   98241  0.0  0.0  7932  704  ??  SsJ  23Jan06   1:38.18 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql   84427  0.0  0.1 144332 4756  ??  SsJ  16Dec05   4:58.66 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql   14497  0.0  0.0  8572 1100  ??  SsJ  12Dec05   4:43.22 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql    5254  0.0  0.0 16768 1456  ??  SsJ  27Nov05   1:31.52 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql    4893  0.0  0.0  7948  884  ??  SsJ  27Nov05   2:08.26 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql    4850  0.0  0.0  7480  772  ??  SsJ  27Nov05   1:22.59 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql    4627  0.0  0.0  7976  912  ??  SJ   27Nov05   1:24.76 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql    4537  0.0  0.0  8224  860  ??  SsJ  27Nov05   1:39.05 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql    1972  0.0  0.0  7948 1016  ??  SsJ  27Nov05   2:11.52 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
scrappy  1453  0.0  0.1 77804 4516  ??  SsJ  27Nov05  39:56.76 /usr/local/bin/postmaster -D /usr/local/pgsql/data -S (postgres)
scrappy  1019  0.0  0.0 14672  908  ??  SsJ  27Nov05   3:03.65 /usr/local/pgsql/bin/postmaster -D /usr/local/pgsql/data -S (postgres)
scrappy   287  0.0  0.1 76128 3112  ??  SsJ  27Nov05  20:50.48 /usr/local/bin/postmaster -D /usr/local/pgsql/data -S (postgres)


----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy at hub.org           Yahoo!: yscrappy              ICQ: 7615664
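
The single System V namespace described in the jail(8) text quoted above, as an added example that is not part of the original message or of FreeBSD/PostgreSQL code: two callers that use the same semaphore key end up on the same set, and IPC_EXCL is how a caller detects that the key is already taken. It runs in one process for simplicity; the key value and the names demo_key_collision and collision_result are constructed for the illustration.

```c
/* Added example: two "daemons" using one System V key share one semaphore set. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <unistd.h>

struct collision_result {
    int same_set;    /* second semget() on the key returned the first caller's id */
    int excl_errno;  /* errno from a second IPC_CREAT|IPC_EXCL on the same key */
    int value_seen;  /* value the second caller reads after the first one posts */
    int after_rmid;  /* first caller's semctl() result after the set was removed */
};

/* Returns 0 on success, -1 if the set could not be created or used. */
int demo_key_collision(key_t key, struct collision_result *r)
{
    struct sembuf post = { 0, 1, 0 };   /* semaphore 0, +1, no flags */

    /* "Daemon A" creates the set and insists on owning the key. */
    int a = semget(key, 1, IPC_CREAT | IPC_EXCL | 0600);
    if (a == -1)
        return -1;
    /* "Daemon B" uses the same key without IPC_EXCL: it attaches to A's set. */
    int b = semget(key, 1, IPC_CREAT | 0600);
    r->same_set = (a == b);
    /* With IPC_EXCL, B is told the key is taken instead. */
    errno = 0;
    r->excl_errno = (semget(key, 1, IPC_CREAT | IPC_EXCL | 0600) == -1) ? errno : 0;
    /* A posts; B observes the change through its own handle. */
    if (semop(a, &post, 1) == -1) { semctl(a, 0, IPC_RMID); return -1; }
    r->value_seen = semctl(b, 0, GETVAL);
    /* B removes what it believes is its own set; A's next semctl() fails. */
    semctl(b, 0, IPC_RMID);
    r->after_rmid = semctl(a, 0, GETVAL);
    return 0;
}

int main(void)
{
    /* Constructed key; the pid is mixed in so reruns are unlikely to clash. */
    key_t key = (key_t)(0x53560000 | (getpid() & 0xffff));
    struct collision_result r;
    if (demo_key_collision(key, &r) != 0) { perror("semget/semop"); return 1; }
    printf("same set=%d EEXIST=%d value seen by B=%d A after RMID=%d\n",
           r.same_set, r.excl_errno == EEXIST, r.value_seen, r.after_rmid);
    return 0;
}
```

On a host with security.jail.sysvipc_allowed=1, ipcs -s run on the host lists the keys and owners of all semaphore sets, which is where a key shared between jails would show up.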

