16.12.2024 17:41, Tomasz Pala via Postfix-users wrote:
On 2024-12-16 13:22, Michael Tokarev via Postfix-users wrote:
This is exactly why I started this whole thread: is chroot in postfix worth
the efforts these days or not, from the upstream PoV? And the very first
Linux chroot() was never _worth_ any trouble.
It isn't any different from chroot() on any other unix. If it wasn't worth
on Linux, it equally wasn't worth on FreeBSD or anywhere else.
All of the chroot features, fine grained, and even more are now much
easier to set up with namespaces, syscomp filters, BPFs, CGroups,
capabilities etc. This is not SELinux madness with unauditable rules...
All this stuff has to be applied by individual postfix daemons though.
BTW, this is why people ask if it's possible to run individual postfix
components as separate systemd units - because systemd provides this
level of control easily. But this is, obviously, something else
entirely.
/mjt
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
