On Wed, 27 Mar 2002, Tom Lane wrote:
> "Joel Burton" <joel@joelburton.com> writes:
> >> This will allow you to run a single postgres in a single jail only one
> >> user would have access to it. If you try to run more then one it will
> >> try to use the same shared memory and crash.
>
> > Is this, in fact, the case?
>
> Unless BSD jails have very bizarre shared memory behavior, this is
> nonsense. PG can easily run multiple postmasters in the same machine
> (there are currently four postmasters of different vintages alive on
> the machine I'm typing this on). Give each one a different database
> directory and a unique port number, and you're good to go.
>
> It might be that postmasters in different jails on the same machine
> would have to be assigned different port numbers to keep them from
> conflicting. Don't know exactly how airtight a BSD jail is ...
> but there is an interaction between port number and shared memory
> key. I can imagine that a jail that hides processes but not shared
> memory segments might confuse our startup logic that tries to detect
> whether an existing shared memory segment is safe to reuse or not.
> Perhaps your ISP has seen failures of that type from trying to
> start multiple postmasters on the same port number in different
> jails.
FreeBSD jails are supposed to put just about everything in to different
namespaces/contention domains/whatever. You can't see processes running
outside a jail from within it, you can't see files outside your jail, you
can only use your jail's IP address, etc. However, this doesn't work for
SYSV IPC (not in FreeBSD-STABLE, at least) and everything goes in to one
machine-wide namespace - hence the sysctl to turn it on/off.
PostgreSQL will run quite happily using different port numbers in
different jails - but the port numbers MUST be different. Since the ISP is
probably using jails to make multiple users as unaware of each other as
possible this might be a problem for them...
You should probably also consider that someone in /another/ jail might be
able to get access to your shared memory segments. This would, most
likely, be a bad thing to happen.
