On 3/09/19 4:18 AM, Viktor Dukhovni wrote:
>> I just want to make sure, the current stable version of Postfix does work
>> chrooted in current CentOS 7, right?
>
> Postfix supports entering a chroot jail. Ensuring that the various
> system libraries that Postfix depends on still work in that jail is
> not the responsibility of Postfix. So the question is perhaps ill-posed.
> Postfix smtp(8) and other services work in a sufficiently well
> constructed chroot jail. Perhaps your question is whether
> CentOS 7 comes pre-configured with such a jail? That's a CentOS 7
> question more than a Postfix question, and would be largely independent
> of the Postfix release.

Neither the Postfix that comes with CentOS nor the Ghettoforge packages
support chroot. That does not mean that it won't work, but the onus is
on you to set it up and configure the jail. For this particular issue I
would probably venture to say that you didn't copy resolv.conf to the chroot
jail properly. It might also be SELinux getting in the way.

Personally I don't recommend running Postfix as chroot since it (imo)
creates more problems than it solves, but if you want to you can. I
would recommend writing a script that sets up (and another that tears
down) the jail and calling it from ExecStartPre and ExecStartPost
systemd service files. How to do that is a bit beyond the scope of this
mailing list, but you should be able to get help from systemd channels
elsewhere. A bit more specifically, you can add in a directory and file
and import it into systemd so it takes precedence over but does not
overwrite the postfix service file that comes packaged with Postfix.

Let me know if you need any more help.

Regards,
Peter Ajamian
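
A sketch of the kind of jail set-up script discussed above, added here as an example and not taken from the thread or from the Postfix or CentOS packages. It assumes the jail is the queue directory /var/spool/postfix and that the listed resolver files are what the chrooted services need; the function names and the drop-in and script paths in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: keep the resolver files inside a Postfix chroot jail in sync.
# Assumption: this file list covers what the chrooted services read.
JAIL_FILES="etc/resolv.conf etc/hosts etc/services etc/nsswitch.conf etc/localtime"

# jail_drift SRC_ROOT JAIL_ROOT
# Prints each listed file that is missing from the jail or differs from the
# host copy. Returns 0 when the jail is in sync, 1 when anything drifted.
jail_drift() {
    src_root=$1 jail_root=$2 drift=0
    for f in $JAIL_FILES; do
        [ -f "$src_root/$f" ] || continue        # host has no such file
        if ! cmp -s "$src_root/$f" "$jail_root/$f" 2>/dev/null; then
            echo "$f"
            drift=1
        fi
    done
    return $drift
}

# jail_sync SRC_ROOT JAIL_ROOT
# Copies drifted files into the jail. Follows symlinks on the host side
# (resolv.conf is often one) but refuses to write through a symlink that
# already sits inside the jail.
jail_sync() {
    src_root=$1 jail_root=$2
    for f in $(jail_drift "$src_root" "$jail_root"); do
        dest="$jail_root/$f"
        if [ -L "$dest" ]; then
            echo "refusing to overwrite symlink $dest" >&2
            return 1
        fi
        mkdir -p "$(dirname "$dest")" || return 1
        rm -f "$dest.tmp"
        cp -L "$src_root/$f" "$dest.tmp" && chmod 644 "$dest.tmp" &&
            mv -f "$dest.tmp" "$dest" || return 1
    done
}

# Drop-in that leaves the packaged unit untouched (hypothetical paths):
#   /etc/systemd/system/postfix.service.d/chroot.conf
#     [Service]
#     ExecStartPre=/usr/local/sbin/postfix-jail-sync
# where that script sources these functions and runs:
#   jail_sync / /var/spool/postfix
```

Running jail_drift on its own against a live jail shows which files have gone stale, for example after DHCP rewrites the host's resolv.conf.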