Lamar,
I think we have a failure to communicate. Using a Unix domain socket works fine, of course, but AFAIK there is no way to instruct Postmaster to put extra sockets into various chroot areas, as you can with syslogd. This leaves you with using TCP as your only option if you need to be able to talk to postmaster both within and without a chroot area.
I know, also, that postmaster can be given access rules based on source IP address in pg_hba.conf, but postmaster will still listen on INADDR_ANY, meaning that the access control is implemented by somebody connecting and being told by postmaster to go away. My preference is not to let daemons manage their own access control.
Let me know if you know different!
