Add documentation about running postmasters in FreeBSD jails (use

separate users).

diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 20e63bea75dbab7cf499699cc925633b87557f7f..3c38ff838c7846af82f40aaa44f0e1ec6f03bf57 100644 (file)
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1,4 +1,4 @@
-
+
 
 
  Operating System Environment
@@ -763,6 +763,18 @@ options "SEMMNS=240"
         setting kern.ipc.shm_use_phys.
        
 
+       
+        If running in FreeBSD jails by enabling sysconf's
+        security.jail.sysvipc_allowed, postmasters
+        running in different jails should be run by different operating system
+        users.  This improves security because it prevents one jail from
+        interfering with shared memory or semaphores in another, and it
+        allows the PostgreSQL IPC cleanup code to function properly.  
+        (In FreeBSD 6.0 and later the IPC cleanup code doesn't properly detect
+        processes in other jails, preventing the running of postmasters on the
+        same port in different jails.)
+       
+
        
         FreeBSD versions before 4.0 work like 
         NetBSD and