From: Bruce Momjian Date: Tue, 11 Apr 2006 19:26:42 +0000 (+0000) Subject: Add documentation about running postmasters in FreeBSD jails (use X-Git-Tag: REL8_2_BETA1~1167 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ba60acf17e70ba2330dbd3dba13ba75438307901;p=postgresql Add documentation about running postmasters in FreeBSD jails (use separate users). --- diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 20e63bea75..3c38ff838c 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -1,4 +1,4 @@ - + Operating System Environment @@ -763,6 +763,18 @@ options "SEMMNS=240" setting kern.ipc.shm_use_phys. + + If running in FreeBSD jails by enabling sysconf's + security.jail.sysvipc_allowed, postmasters + running in different jails should be run by different operating system + users. This improves security because it prevents one jail from + interfering with shared memory or semaphores in another, and it + allows the PostgreSQL IPC cleanup code to function properly. + (In FreeBSD 6.0 and later the IPC cleanup code doesn't properly detect + processes in other jails, preventing the running of postmasters on the + same port in different jails.) + + FreeBSD versions before 4.0 work like NetBSD and
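Review bot: In the first sentence of the paragraph added to runtime.sgml, "sysconf's security.jail.sysvipc_allowed" names the wrong interface. security.jail.sysvipc_allowed is a FreeBSD sysctl variable, so the text should read "sysctl's". The closing parenthetical, "(In FreeBSD 6.0 and later the IPC cleanup code doesn't properly detect processes in other jails, ...)", also leaves two things open: it does not say that the cleanup code meant is PostgreSQL's, as the previous sentence does, and it does not say whether the same-port restriction still applies when each jail's postmaster runs under a different operating system user, which is the setup the paragraph recommends. Say explicitly whether separate users avoid the problem or whether distinct ports are needed as well, since an administrator deciding how to isolate jailed postmasters needs to know which of the two is required.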