Steffen Nurpmeso via Postfix-users:
> Wietse Venema via Postfix-users wrote in
>  <4xkqfs5trnzj...@spike.porcupine.org>:
>  |Vincent Lefevre via Postfix-users:
>  |>> That eliminates most of the threats that Postfix chroot aims to
>  |>> address, and there is no need to run Postfix daemons chrooted.
>  |> 
>  |> OK. I suppose that this should be the most common situation for the
>  |> average user. So this is what Debian should do, according to its own
>  |> rules.
>  |> 
>  |>> The details of what files, and when, to sync into the chroot jail
>  |>> are highly dependent on the OS type and OS version. It is therefore
>  |>> up to the OS distro maintainers to deal with it.
>  |> 
>  |> I understand. I was just suggesting a warning that there are such
>  |> issues, not how to solve them.
>  |
>  |For good reasons, Postfix 3.x does not enable chroot by default
>  |since 10+ years.  If a distro maintainer keeps it on, then they own
>  |the responsibility to inform users of how to solve chroot related
>  |problems. Please complain to your maintainer.
> 
> (Very easy on Linux by --bind mounting /etc inside the chroot.
> This even works in fstab like
> /var/git /var/anongit/git bind bind,ro,nofail 0 0.)

On my laptop, /etc/resolv.conf is a symlink to /run/systemd/whatever,
so you'd need to mount that symlink target (or its parent), too.

But wait there is more: dependencies of nsswitch.conf, dependencies
for timezone conversion, and so on, that are scattered over the
file system.

The details are very platform specific, and out of scope for the
Postfix project.

        Wietse
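
The symlink and scattered-dependency problem described in this message can be checked per file. The script below is an added example, not part of the original message or of Postfix. Its function names are hypothetical, and the file list at the end is an assumed sample, not a complete list of what any platform needs.

```shell
#!/bin/sh
# Added example: audit config files inside a chroot jail against the host.

# Follow symlinks as a chrooted process would: absolute targets are re-rooted
# at ROOT. Only the final path component is handled. Prints the resolved path.
resolve_in_root() {
    r_root=$1 r_path=$2 r_hops=0
    while [ -L "$r_root$r_path" ]; do
        r_hops=$((r_hops + 1))
        [ "$r_hops" -le 16 ] || return 1        # give up on symlink loops
        r_target=$(readlink "$r_root$r_path")
        case $r_target in
            /*) r_path=$r_target ;;
            *)  r_path=$(dirname "$r_path")/$r_target ;;
        esac
    done
    [ -e "$r_root$r_path" ] || return 1
    printf '%s\n' "$r_root$r_path"
}

# Print one of: ok, missing, dangling, stale, no-host-file.
jail_status() {
    s_jail=$1 s_host=$2 s_file=$3
    if [ ! -e "$s_jail$s_file" ] && [ ! -L "$s_jail$s_file" ]; then
        echo missing                             # never synced into the jail
    elif ! s_in=$(resolve_in_root "$s_jail" "$s_file"); then
        echo dangling                            # link target is outside the jail
    elif ! s_out=$(resolve_in_root "$s_host" "$s_file"); then
        echo no-host-file
    elif cmp -s "$s_in" "$s_out"; then
        echo ok
    else
        echo stale                               # jail copy differs from host
    fi
}

# Report every file; return 1 if any of them is not "ok".
chroot_audit() {
    a_jail=$1 a_host=$2 a_rc=0
    shift 2
    for a_file in "$@"; do
        a_st=$(jail_status "$a_jail" "$a_host" "$a_file")
        [ "$a_st" = ok ] || a_rc=1
        printf '%-12s %s\n' "$a_st" "$a_file"
    done
    return "$a_rc"
}

# Stand-alone use: sh jail_audit.sh <jail directory>   (sample file list, assumed)
if [ "$#" -eq 1 ]; then
    chroot_audit "$1" "" /etc/resolv.conf /etc/nsswitch.conf /etc/localtime /etc/hosts /etc/services
fi
```

A bind mount of /etc alone shows up here as "dangling" for /etc/resolv.conf whenever that file is a symlink into a directory that is not also present inside the jail.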