21.12.2024 20:15, Michael Tokarev via Postfix-users wrote:
plus a few other workarounds for lack of cap-dac-override.
It looks like it's hardly possible to get away from cap_dac_override, because it is relied on in a number of other places. Currently postfix happily opens non-root-owned maps before chroot_uid() - and these maps can reside in protected non-root-owned dirs. That will break with no cap_dac_override obviously. /mjt _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
