"Victor Duchovni" <victor.ducho...@morganstanley.com> wrote in message news:20091106004615.gn27...@np305c2n2.ms.com...
> On Thu, Nov 05, 2009 at 06:36:28PM -0500, Eric B. wrote:
>
>> smtp 7886 postfix rtd DIR 253,0 4096 1762695 /var/spool/postfix
>
> The smtp(8) delivery agent is chrooted.
>
>> So if these daemons are actually running chroot, wouldn't they need the
>> lib dirs?
>
> Not necessarily. They may have already opened all the files they need and
> loaded all the libraries they need before they chroot. Postfix processes
> chroot themselves, after they initialize and just before they drop privs,
> they are not started via fork/exec already in the chroot jail. For that,
> you need to install and run all of Postfix in the jail.

So in that case, doesn't it make all the files that are copied over to the /var/spool/postfix directory by the LINUX2 script pointless? Obviously nothing seems to require anything in the lib/lib64 directories, the processes don't require a dev/log device, and resolv.conf isn't read either. I can only assume the same about nsswitch.conf, etc...

The "nice" thing about this is that it makes setting up chroot unbelievably easy for Postfix. The bad thing is that you can't customize anything specific to your jail, unless you run Postfix entirely in the jail...

Why bother even having helper scripts / examples to create the jails if none of the files are required? Are these examples / scripts outdated?

Thanks,

Eric
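
An added example, not part of the original thread or of Postfix: a small Python parser for `lsof` output that reads each process's `rtd` (root directory) row, as in the line quoted above, to decide whether the process is chrooted, and lists `txt`/`mem` files that sit outside that root. The function names are hypothetical, every sample row except the quoted `smtp` line is constructed, and it assumes `lsof` was run on the host outside the jail with all nine default columns present.

```python
from collections import defaultdict

# First data row is the lsof line quoted in the thread; every other row is
# constructed for illustration (hypothetical PIDs, sizes, inodes, file names).
SAMPLE_LSOF = """\
COMMAND  PID    USER  FD  TYPE DEVICE SIZE/OFF    NODE NAME
smtp    7886 postfix rtd   DIR  253,0     4096 1762695 /var/spool/postfix
smtp    7886 postfix cwd   DIR  253,0     4096 1762695 /var/spool/postfix
smtp    7886 postfix mem   REG  253,0  1717800  131090 /lib64/libc-2.5.so
smtp    7886 postfix txt   REG  253,0   120000  200100 /usr/libexec/postfix/smtp
master  7001    root rtd   DIR  253,0     4096       2 /
master  7001    root mem   REG  253,0  1717800  131090 /lib64/libc-2.5.so
"""

def parse_lsof(text):
    """Group lsof rows by PID, keeping the root dir (rtd) and mapped files."""
    procs = defaultdict(lambda: {"command": None, "root": None, "files": []})
    for line in text.splitlines():
        fields = line.split(None, 8)  # NAME is last and may contain spaces
        if len(fields) < 9 or not fields[1].isdigit():
            continue  # header, or a row missing a column: skip it
        command, pid, _user, fd, _type, _dev, _size, _node, name = fields
        entry = procs[int(pid)]
        entry["command"] = command
        if fd == "rtd":              # the process's root directory
            entry["root"] = name
        elif fd in ("txt", "mem"):   # program text and memory-mapped libraries
            entry["files"].append(name)
    return dict(procs)

def inside(path, root):
    """True if path is root itself or lies beneath it."""
    root = root.rstrip("/")
    return path == root or path.startswith(root + "/")

def chroot_report(text):
    """Per PID: is it chrooted, and which mapped files live outside the jail?"""
    report = {}
    for pid, proc in parse_lsof(text).items():
        root = proc["root"]
        if root is None:
            continue  # no rtd row seen, so nothing can be concluded
        chrooted = root != "/"
        outside = sorted({f for f in proc["files"] if not inside(f, root)})
        report[pid] = {"command": proc["command"], "chrooted": chrooted,
                       "root": root, "mapped_outside_jail": outside}
    return report

if __name__ == "__main__":
    for pid, info in sorted(chroot_report(SAMPLE_LSOF).items()):
        print(pid, info)
```

Entries under `mapped_outside_jail` for a chrooted PID are files the process mapped before it changed root, so they do not have to exist inside the jail for that process to keep running.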