Hi Allan and Kris,

I use PostgreSQL for a few web sites, and it requires SysVIPC to be enabled. I've learned that I must enable security.jail.sysvipc_allowed on the host machine and set allow.sysvipc true for each jail I want to enable SysVIPC in. I've seen it mentioned on the internet that this defeats the security of using a jail and is discouraged.



My question is when I enable SysVIPC for just my PostgreSQL jail, am I compromising the security of my FreeNAS/FreeBSD host AND the PostgreSQL jail, or just the PostgreSQL jail, or am I compromising the security of all the jails (even without the use of allow.sysvipc on other jails)? Is it safer just to a database in a VM if the need for SysVIPC is required?



Thank you for the awesome show and keep up the good work!



Daniel