Sam:
[ text/html is unsupported, treating like TEXT/PLAIN ]

> Dear postfix experts:
>
> While setting up postfix in a docker container, I have been
> getting the error "fatal: unknown service: smtp/tcp" when
> attempting to send an email. I investigated the issue, and it
> seems it has something to do with setting up chroot inside of
> docker container.
>
> https://serverfault.com/questions/1052329/fatal-unknown-service-smtp-tcp-from-postfix-in-docker-using-start-fg
>
> The easiest solution to this problem was to just disable chroot,
> which worked fine. I'm considering disabling chroot for all the
> postfix master services. Is this a bad move considering that
> postfix is running in a docker container? I would appreciate your
> insight into this.

The chroot feature makes post-exploitation of bugs (in Postfix,
libraries, etc.) more difficult, because there are fewer things
that an attacker can play with. For example no set-uid root programs,
no files in /proc, and no file system races against privileged programs.

One could argue that containers provide a minimized environment,
but that is not necessarily the case. The ones that do minimize
sometimes come with crippled libc implementations that introduce
problems of their own.

By the way it is rude to post html-only email to a mailing list.

        Wietse
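
To see which master services would actually run without a chroot before changing them all, the chroot column of master.cf can be audited. The following is an added example, not part of the original thread or of Postfix itself; the sample master.cf is constructed, and the default for a "-" entry is an assumption to set for your version (master(5) documents "n" for Postfix 3.0 and later, "y" before).

```python
# Added example: list Postfix master.cf services that run without chroot.
# SAMPLE_MASTER_CF is constructed for illustration, not taken from the thread.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
smtp      unix  -       -       n       -       -       smtp
  -o smtp_tls_security_level=may
local     unix  -       n       n       -       -       local
"""

# Per the Postfix documentation, these delivery daemons cannot run chrooted,
# so an "n" for them is expected and not reported.
NOT_CHROOTABLE = {"local", "pipe", "virtual"}


def parse_master_cf(text):
    """Return one dict per service entry, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        fields = line.split(None, 7)
        if len(fields) < 8:
            continue  # malformed entry: fewer than the 8 required fields
        entries.append({"service": fields[0], "type": fields[1],
                        "chroot": fields[4], "command": fields[7].split()[0]})
    return entries


def unchrooted_services(text, default_chroot="n"):
    """Services that could be chrooted but are not; '-' uses default_chroot."""
    found = []
    for e in parse_master_cf(text):
        chroot = default_chroot if e["chroot"] == "-" else e["chroot"]
        if chroot == "n" and e["command"] not in NOT_CHROOTABLE:
            found.append((e["service"], e["type"], e["command"]))
    return found


if __name__ == "__main__":
    for service, stype, command in unchrooted_services(SAMPLE_MASTER_CF):
        print(f"not chrooted: {service}/{stype} ({command})")
```
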
