berg...@panix.com: > => Postfix does nothing to prevent a child process from making a system > => call. For blocked calls, you may find more useful info in SeLinux > => or AppArmor event logs. > > SELinux is disabled and AppArmor is not installed on this system. > > There's no problem running gmi directly from the shell, as an unprivileged > user or as root. > > Any other thoughts, perhaps to do with postfix dropping privileges > from root=>user when the gmi command is run as a pipe service?
Postfix relies on POSIX calls to impersonate an unprivileged user (by manipulating the real/effective/saved UID and GID, and secondary groups). It is possible that your OS also manipulates other rights (capabilities, other resource controls) that Postfix is not aware of. Keep in mind that Postfix is a cross-platform applcation, and that not all the world is Linux. Wietse _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org