On 2024-12-16 15:59, Michael Tokarev via Postfix-users wrote:
>
>> All of the chroot features, fine grained, and even more are now much
>> easier to set up with namespaces, syscomp filters, BPFs, CGroups,
>> capabilities etc. This is not SELinux madness with unauditable rules...
> All this stuff has to be applied by individual postfix daemons though.

Only if you want to analyze all of their functions. Or one can do the opposite - restrict entire mail system within its enclave (userns), with bind-mounted mail directory etc. Of course it's even more work to set up than chroot environment, but the separation is real and meaningful.