Stan Hoeppner wrote on 2013-11-09 04:22:
On 11/8/2013 4:05 AM, li...@rhsoft.net wrote:
there are only rare situations where a chrooted postfix
makes sense and so they should not be making a problematic
default which gains nothing on 999 out of 1000 setups
The reason for chrooting Postfix is due to a Debian policy established
loooong ago, and it is not Postfix specific. IIRC there's a class of
services that all get chrooted in Debian, but for the life of me I can't
seem to find the policy doc that explains this. So far I can't find it
in the Debian Policy Manual
http://www.debian.org/doc/debian-policy/
Not sure where it is, but the chroot policy is described somewhere.
Debian is pretty good WRT documentation. Good at making it easy to find
is another matter...
As far as I know it was only under consideration long ago (around the
time when Solaris Containers were introduced it became a topic again if
I'm not mistaken) and it is an advisory for building packages on a
developer machine. Postfix is still one of the few services doing it and
I still wonder why as it makes things complex to a point where admins
start playing with ln, chmod and cp to get things working. Reading
bug report 151692[1], seeing all the chroot bug reports and taking the
request from the SELinux Debian Developers into account it makes me
wonder a lot who is going to end this. Wietse or Debian Technical
Committee.
Hans
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=151692