Commitba60acf

committed

Add documentation about running postmasters in FreeBSD jails (use

separate users).

1 parentfac2ba5 commitba60acfCopy full SHA for ba60acf

File tree

+13

-1

lines changed

+13

-1

lines changed

Lines changed: 13 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.366 2006/04/03 23:35:02 tgl Exp $ -->`
	`1`	`+<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.367 2006/04/11 19:26:42 momjian Exp $ -->`
`2`	`2`
`3`	`3`	`<chapter Id="runtime">`
`4`	`4`	`<title>Operating System Environment</title>`
`@@ -763,6 +763,18 @@ options "SEMMNS=240"`
`763`	`763`	`setting <literal>kern.ipc.shm_use_phys</literal>.`
`764`	`764`	`</para>`
`765`	`765`
	`766`	`+ <para>`
	`767`	`+ If running in FreeBSD jails by enabling <application>sysconf</>'s`
	`768`	`+ <literal>security.jail.sysvipc_allowed</>, <application>postmaster</>s`
	`769`	`+ running in different jails should be run by different operating system`
	`770`	`+ users. This improves security because it prevents one jail from`
	`771`	`+ interfering with shared memory or semaphores in another, and it`
	`772`	`+ allows the PostgreSQL IPC cleanup code to function properly.`
	`773`	`+ (In FreeBSD 6.0 and later the IPC cleanup code doesn't properly detect`
	`774`	`+ processes in other jails, preventing the running of postmasters on the`
	`775`	`+ same port in different jails.)`
	`776`	`+ </para>`
	`777`	`+`
`766`	`778`	`<para>`
`767`	`779`	`<systemitem class="osname">FreeBSD</> versions before 4.0 work like`
`768`	`780`	`<systemitem class="osname">NetBSD</> and <systemitem class="osname">`

Comments

(0)