Re: jail + postgresql + System V IPC

From: Oliver Fromme (olli_at_lurza.secnetix.de)
Date: 09/10/03

    Date: Wed, 10 Sep 2003 18:32:08 +0200 (CEST)
    To: freebsd-stable@FreeBSD.ORG
    
    

    Michael Sig Birkmose <birkmose@cs.auc.dk> wrote:
    > I have recently installed a jail environment on my freebsd box, and had some
    > problems getting postgresql running under it.
    > After looking a bit on various mailing lists I figured out that I needed to
    > set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql
    > run.
    >
    > However man jail gives me:
    > [...]

    In other words, shared memory and semaphores exist only
    once on the machine, not per-jail. That means that a
    process in a jail is not completely isolated from other
    processes in other jails (or in the host environment)
    which also use shared memory or semaphores.

    > Reading this it sounds like setting jail.sysvipc_allowed=1 is a bad idea?
    > So I guess my question is, whether it is a big security risk to run
    > postgresql in a jail?

    No, I wouldn't say that. It is still _much_ better than
    not running PostgreSQL in a jail at all.

    You can use the command "ipcs" to check the current usage
    of shared memory and semaphores. Chances are that
    PostgreSQL is the only program using them.

    > And what if I am running postgresql in both the host
    > environment and the jailed environment? Will I be asking for trouble?

    No, they will just each acquire and use their own shared
    memory and semaphores. However, it doesn't make sense to
    run more than one PostgreSQL instance on one machine.
    In particular, why would you want to run only one of them
    in a jail? Also note that running more than one instance
    on a physical machine will lower the performance.

    > I
    > managed to get things running, and so far I haven't had problems, but I was
    > wondering if it is safe to run postgresql + jail. I have seen an ISP
    > offering freebsd jails, and they have a list regarding downsides of running
    > jail (such as you can't use ICMP, shared hardware etc etc). In this list
    > they also include that you can't run postgresql. This just makes me wonder
    > even more if this cocktail is a good idea :)

    They decided not to set the sysctl, in order to improve
    isolation. Probably a very good idea on a shell box.
    I assume you don't intend to offer user shells on the
    same machine running your PostgreSQL.

    Apart from that, what would you do instead? Not run
    PostgreSQL at all?

    Regards
       Oliver

    -- 
    Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
    Any opinions expressed in this message may be personal to the author
    and may not necessarily reflect the opinions of secnetix in any way.
    "Documentation is like sex; when it's good, it's very, very good,
    and when it's bad, it's better than nothing."
            -- *** Brandon
    _______________________________________________
    freebsd-stable@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-stable
    To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
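
Added example, not part of the original message: the reply suggests checking System V IPC usage with "ipcs", and this sketch filters that output for shared memory segments and semaphore sets that are not owned by the expected account or that grant group/other access. The `pgsql` account name, the FreeBSD-style column layout and the sample output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit System V IPC objects from `ipcs` output.
# Assumption: FreeBSD-style `ipcs` columns "T ID KEY MODE OWNER GROUP".

# audit_ipcs EXPECTED_OWNER   (reads ipcs output on stdin)
# Prints one line per shared memory segment (m) or semaphore set (s) that is
# owned by another account or whose mode grants group/other access.
audit_ipcs() {
    awk -v want="$1" '
        $1 == "m" || $1 == "s" {
            mode = $4; owner = $5; why = ""
            # MODE is 11 characters: 2 flag characters, then permission
            # bits for owner (3-5), group (6-8) and other (9-11).
            if (owner != want) why = "owner=" owner
            if (substr(mode, 6, 6) != "------")
                why = (why == "" ? "" : why ",") "mode=" mode
            if (why != "") print $1, $2, why
        }'
}

# Constructed sample output, not taken from a real host.
sample_ipcs() {
    cat <<'EOF'
Message Queues:
T           ID          KEY MODE        OWNER    GROUP

Shared Memory:
T           ID          KEY MODE        OWNER    GROUP
m        65536      5432001 --rw-------    pgsql    pgsql
m        65537            0 --rw-rw-rw-      www      www

Semaphores:
T           ID          KEY MODE        OWNER    GROUP
s        65536      5432001 --rw-------    pgsql    pgsql
s        65538      5432002 --rw-r-----    pgsql    pgsql
EOF
}

# On a live system: ipcs | audit_ipcs pgsql
sample_ipcs | audit_ipcs pgsql
```

An empty result means every listed segment and semaphore set belongs to the expected account with owner-only permissions, which matches the "PostgreSQL is the only program using them" case described in the reply.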
    
