On Thu, Nov 05, 2009 at 11:11:30PM -0500, Eric B. wrote:

> > Not necessarily. They may have already opened all the files they need and
> > loaded all the libraries they need before they chroot. Postfix processes
> > chroot themselves, after they initialize and just before they drop privs,
> > they are not started via fork/exec already in the chroot jail. For that,
> > you need to install and run all of Postfix in the jail.
> 
> So in that case, doesn't it make all the files that are copied over to the 
> /var/spool/postfix directory by the LINUX2 script pointless?

No, some libraries are loaded late, and it is not easy to predict which
ones are needed when.

> Obviously 
> nothing seems to require anything in the lib/lib64 directories, the 
> processes don't require a dev/log device,

This is wrong.

> and resolv.conf isn't read either. 

This is system-configuration dependent. For example, it is read if
nsswitch.conf does not use DNS.

> The "nice" thing about this is that it makes setting up chroot unbelievably 
> easy for Postfix.  The bad thing is that you can't customize anything 
> specific to your jail, unless you run Postfix entirely in the jail...

The chroot jail contains files that need to be available late in the
processing, and are loaded on demand.

-- 
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

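
Added example, not part of the original message and not Postfix's own code: a shell function that checks a jail directory for the on-demand resources named in this thread before relying on the chroot. The helper name `jail_missing`, the item list, and the `libnss_*.so*` pattern are assumptions; adjust them for your system.

```shell
#!/bin/sh
# Added example: report on-demand resources missing from a chroot jail.
# The item list is an assumption drawn from the files named in this thread
# (lib/lib64, dev/log, resolv.conf, nsswitch.conf).

# jail_missing JAIL_ROOT   (hypothetical helper)
# Prints one line per missing item; returns 0 if nothing is missing, else 1.
jail_missing() {
    jail=$1
    missing=0

    # Configuration files that resolver / NSS code may read lazily.
    for f in etc/resolv.conf etc/nsswitch.conf; do
        if [ ! -r "$jail/$f" ]; then
            echo "missing file: $f"
            missing=1
        fi
    done

    # A process that has already chrooted resolves /dev/log relative to
    # the jail root, so the syslog socket must exist inside the jail.
    if [ ! -S "$jail/dev/log" ]; then
        echo "missing socket: dev/log"
        missing=1
    fi

    # glibc NSS modules are dlopen()ed on first lookup, which can happen
    # after chroot(). Accept a copy under either lib or lib64.
    found=0
    for so in "$jail"/lib/libnss_*.so* "$jail"/lib64/libnss_*.so*; do
        if [ -e "$so" ]; then
            found=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "missing library: lib*/libnss_*.so*"
        missing=1
    fi

    return "$missing"
}

# Typical use against the Postfix queue directory:
#   jail_missing /var/spool/postfix || echo "jail incomplete"
```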