21.12.2024 19:51, Wietse Venema via Postfix-users wrote:
> Michael Tokarev via Postfix-users:
>> I have still yet to see the reason for this, besides a statement "chroot is
>> painless for freebsd but for linux is unsupportable", which is nothing
>> but a big old myth, since the two work the same.
>
> That is a myth, because we already discussed that glibc needs file
> system access for things that other OS libc implementations don't.
> This is all I have in my FreeBSD 14 chroot jail (my server does not
> do 'traditional' PKI certificate verification):
>
> /var/spool/postfix/var/run/log
> /var/spool/postfix/etc/resolv.conf

/var/spool/postfix/etc/:
total 28
-rw-r--r-- 1 root root 305 Mar 10 2012 hosts
-rw-r--r-- 1 root root 1535 Feb 3 2024 localtime
-rw-r--r-- 1 root root 55 Feb 19 2022 resolv.conf
-rw-r--r-- 1 root root 12813 Mar 28 2021 services
That's all that is needed by our postfix servers. No /lib
or /var. /etc/hosts and /etc/services are needed because I
want to be able to sometimes do getaddrinfo() - they're also
needed on FreeBSD for exactly the same reason.

> Everything else is loaded or opened before a Postfix daemon drops
> its privileges.

You don't use custom nsswitch modules. Me neither.
/mjt
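
A check one could run against a jail like the ones listed in this thread, as an added example that is not part of the original message or of Postfix. The function names `audit_chroot_etc` and `make_sample_jail` are hypothetical, the file list is the four `etc/` files from the listing above, and comparing them with the host's `/etc` assumes the jail copies were taken from there.

```shell
#!/bin/sh
# Added example: audit the etc/ files inside a Postfix chroot jail.
# Assumption: the jail needs exactly the four files shown in the listing above.

audit_chroot_etc() {
    jail=$1               # jail root, e.g. /var/spool/postfix
    ref=${2:-/etc}        # directory the jail copies were taken from
    problems=0
    for name in hosts localtime resolv.conf services; do
        f="$jail/etc/$name"
        # getaddrinfo() inside the jail fails or degrades without these files.
        if [ ! -f "$f" ] || [ ! -s "$f" ]; then
            echo "MISSING  $f"
            problems=$((problems + 1))
            continue
        fi
        # Jailed daemons trust these files for name and service lookups,
        # so only the owner should be able to rewrite them.
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $f (group/other write bit set)"
            problems=$((problems + 1))
        fi
        # A copy does not follow later edits to the original.
        if [ -f "$ref/$name" ] && ! cmp -s "$f" "$ref/$name"; then
            echo "STALE    $f differs from $ref/$name"
            problems=$((problems + 1))
        fi
    done
    return "$problems"    # 0 means the jail's etc/ looks consistent
}

# Constructed sample data: a throwaway jail plus a reference directory.
make_sample_jail() {
    d=$(mktemp -d)
    mkdir -p "$d/jail/etc" "$d/ref"
    for n in hosts localtime resolv.conf services; do
        echo "sample $n" > "$d/ref/$n"
        cp "$d/ref/$n" "$d/jail/etc/$n"
        chmod 644 "$d/jail/etc/$n"
    done
    echo "$d"
}

# Stand-alone demo: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_jail)
    audit_chroot_etc "$d/jail" "$d/ref" && echo "jail etc/ is consistent"
    rm -rf "$d"
fi
```

Against a live system the call would be `audit_chroot_etc /var/spool/postfix`; the return status is the number of findings.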