Michael Tokarev via Postfix-users:
> 09.12.2024 17:17, Wietse Venema via Postfix-users wrote:
> ...
> > Setting up the necessary helper files under /var/spool/postfix
> > (nsswitch.conf, TLS, resolv.conf, services) remains platform-specific.
>
> I was under the impression postfix does not need nsswitch.conf in the chroot.
> But I was wrong.
>
> smtp_host_lookup = dns (default) or native
> native uses nsswitch on Linux (getaddrinfo() is implemented through
> nsswitch on linux).
>
> disable_dns_lookups = yes
> turns smtp_host_lookup to native
>
> So even with these 2, there's already possibility to need nss stuff in
> the chroot.
>
> Now, things become interesting. Is there anything else besides hosts
> lookup (+ services, for getaddrinfo()) which is being done by postfix?
> I know about other software such as ldap or sasl, these might do other
> types of lookups.
>
> Does postfix try to init nss before entering chroot, so it at least
> loads the nss modules? Apparently there's no standard way to keep
> getaddrinfo() initialized. It'd be very nice if there's some way
> to do this - to at least avoid having nsswitch.conf itself plus
> the modules (with all their deps) in the chroot.

Does nsswitch use lazy initialization or greedy initialization?

I would expect that calling getaddrinfo() with a non-existent hostname
will initialize all the plugins needed for host address lookup. Call
it instead with an existing hostname, and it may initialize even less.

We do know what functions Postfix calls directly, but not what may
be called by libraries such as libldap, libsasl, or lib*sql*.

Wietse
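
The lazy-versus-greedy question above can be checked empirically on Linux with glibc. The following is an added example, not part of either message and not Postfix code: it counts the libnss_* shared objects mapped into the process before and after one getaddrinfo() call. The function names and the use of /proc/self/maps are choices made for this example.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Count the libnss_* shared objects currently mapped into this process.
 * Returns -1 if /proc/self/maps cannot be read (non-Linux, no /proc). */
static int nss_modules_loaded(int verbose)
{
    FILE *fp = fopen("/proc/self/maps", "r");
    char line[4096], last[4096] = "";
    int count = 0;

    if (fp == NULL)
        return -1;
    while (fgets(line, sizeof(line), fp) != NULL) {
        char *path = strchr(line, '/');          /* mapped file path, if any */
        if (path == NULL || strstr(path, "/libnss_") == NULL)
            continue;
        path[strcspn(path, "\n")] = '\0';
        if (strcmp(path, last) != 0) {           /* one object, several segments */
            count++;
            if (verbose)
                printf("  loaded: %s\n", path);
            snprintf(last, sizeof(last), "%s", path);
        }
    }
    fclose(fp);
    return count;
}

/* Resolve host through getaddrinfo(), the call behind smtp_host_lookup = native,
 * and return how many NSS modules that single call added (-1 without /proc). */
static int nss_modules_loaded_by_lookup(const char *host, int verbose)
{
    struct addrinfo hints, *res = NULL;
    int before = nss_modules_loaded(0);

    if (before < 0)
        return -1;
    memset(&hints, 0, sizeof(hints));
    hints.ai_socktype = SOCK_STREAM;
    /* The "smtp" service name also exercises the services database. */
    if (getaddrinfo(host, "smtp", &hints, &res) == 0)
        freeaddrinfo(res);
    return nss_modules_loaded(verbose) - before;
}

int main(int argc, char **argv)
{
    const char *host = argc > 1 ? argv[1] : "localhost";
    int n = nss_modules_loaded_by_lookup(host, 1);
    printf("getaddrinfo(\"%s\") added %d NSS module(s)\n", host, n);
    return n < 0;
}
```

Running it once with a name from /etc/hosts and once with a non-existent name shows which backends from the hosts line of nsswitch.conf each kind of lookup pulls in. A count of zero does not by itself mean no NSS code ran, because some glibc builds link the files and dns backends into libc instead of loading them as separate libnss_*.so objects.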