2 x Postgres 9.4.1 in Jail

[perkypork]

I tried to run Postgres 9.4.1 in two different jails and got lots of

semctl failed: Invalid argument

in my logs. In one of my jails Postgres ended up crashing.

I had read that running Postgres in two different jails (on the same box) was no longer an issue. Is this correct or am I misinformed? If I am misinformed, could someone point me to the correct way of running two Postgres jails please?

 

[junovitch@]

From jail(8):

allow.sysvipc
A process within the jail has access to System V IPC primitives. In the current jail implementation, System V primitives share a single namespace across the host and jail environments, meaning that processes within a jail would be able to communicate with (and potentially interfere with) processes outside of the jail, and in other jails.

That means different UIDs are required to provide separation as jails do not separate namespaces. As such, Sys V shared memory is a small risk that shouldn't be used unless needed and when it is, different UIDs for each pgsql user should be used to provide separation.

For more detail: http://www.freebsddiary.org/jail-multiple.php

 

[perkypork]

Thanks junovitch!

Just to clarify, am I doing things wrong i.e. setting allow.sysvipc in the jail config for a PostgreSQL jail or should I be leaving that off and doing things another way?

 

[junovitch@]

Yes. Set allow.sysvipc for each Postgres jail then change the user ID for Postgres in each jail. The jail(8) implementation doesn't separate Sys V IPC namespaces so the UIDs must be different.