On 2024-12-16 15:59, Michael Tokarev via Postfix-users wrote:
>
>> All of the chroot features, fine grained, and even more are now much
>> easier to set up with namespaces, syscomp filters, BPFs, CGroups,
>> capabilities etc. This is not SELinux madness with unauditable rules...
> All this stuff h
16.12.2024 17:41, Tomasz Pala via Postfix-users wrote:
On 2024-12-16 13:22, Michael Tokarev via Postfix-users wrote:
This is exactly why I started this whole thread: is chroot in postfix worth
the efforts these days or not, from the upstream PoV? And the very first
Linux chroot() was never _
On 2024-12-16 13:22, Michael Tokarev via Postfix-users wrote:
>
> This is exactly why I started this whole thread: is chroot in postfix worth
> the efforts these days or not, from the upstream PoV? And the very first
Linux chroot() was never _worth_ any trouble.
It should have been used when it
16.12.2024 17:18, Michael Tokarev wrote:
That's basically it. Where does the difference in pain level between FreeBSD
and Linux come from?
Heck. I just come across examples/chroot-setup/FreeBSD2.
My Postfix setup on Linux is exactly the same. Everything is chrooted
(besides obvious local, proxy
16.12.2024 17:02, Michael Tokarev via Postfix-users wrote:
16.12.2024 15:45, Wietse Venema via Postfix-users wrote:
So chroot is 'nice to have' but not for LINUX.
I've been in this boat for 25 years myself, 120% agree with that.
I want to understand the details.
To clarify. I've been thin
Michael Tokarev:
> 16.12.2024 15:45, Wietse Venema via Postfix-users wrote:
>
> > On LINUX systems, chroot is for people who want to suffer pain.
> > On my FreeBSD server, Postfix chroot is painless.
>
> Does Cyrus SASL work on your FreeBSD with less pain than on Linux?
My servers use none of tha
16.12.2024 15:45, Wietse Venema via Postfix-users wrote:
On LINUX systems, chroot is for people who want to suffer pain.
On my FreeBSD server, Postfix chroot is painless.
Does Cyrus SASL work on your FreeBSD with less pain than on Linux?
I'd love to know the details :)
Other than nsswitch lazi
Michael Tokarev via Postfix-users:
> 16.12.2024 14:52, Viktor Dukhovni via Postfix-users wrote:
> > On Mon, Dec 16, 2024 at 12:03:52PM +0300, Michael Tokarev via Postfix-users
> > wrote:
> >
> >> The good news though is that all libnss_*.so which comes with glibc
> >> are not needed in chroot at
16.12.2024 14:52, Viktor Dukhovni via Postfix-users wrote:
On Mon, Dec 16, 2024 at 12:03:52PM +0300, Michael Tokarev via Postfix-users
wrote:
The good news though is that all libnss_*.so which comes with glibc
are not needed in chroot at all, they're built-in to the libc.so
proper, and separat
On Mon, Dec 16, 2024 at 12:03:52PM +0300, Michael Tokarev via Postfix-users
wrote:
> The good news though is that all libnss_*.so which comes with glibc
> are not needed in chroot at all, they're built-in to the libc.so
> proper, and separate .so files are provided for compatibility only.
But su
16.12.2024 01:16, Wietse Venema via Postfix-users wrote:
Michael Tokarev via Postfix-users:
09.12.2024 17:17, Wietse Venema via Postfix-users wrote:
..
Does nsswitch use lazy initialization or greedy initialization?
It's as lazy as possible, as it turns out, at least in glibc.
I'm trying to
Michael Tokarev via Postfix-users:
> 09.12.2024 17:17, Wietse Venema via Postfix-users wrote:
> ...
> > Setting up the necessary helper files under /var/spool/postfix
> > (nsswitch.conf, TLS, resolv.conf, services) remains platform-specific.
>
> I was under impression postfix does not need nsswitc
09.12.2024 17:17, Wietse Venema via Postfix-users wrote:
...
Setting up the necessary helper files under /var/spool/postfix
(nsswitch.conf, TLS, resolv.conf, services) remains platform-specific.
I was under impression postfix does not need nsswitch.conf in the chroot.
But I was wrong.
smtp_hos
10.12.2024 02:16, Jaroslaw Rafa via Postfix-users wrote:
On 10.12.2024 at 01:58:58, Michael Tokarev via Postfix-users wrote:
Hm... read-only /etc? How do you reconfigure anything then?
Remount-rw, configure, remount-ro. There's no need to configure
anything during regular system operati
10.12.2024 02:02, Wietse Venema via Postfix-users wrote:
Michael Tokarev via Postfix-users:
10.12.2024 00:46, Wietse Venema via Postfix-users wrote:
The prob here is that it isn't trivial at all to set up the
chroot environment, despite all the efforts to solve this so
far. Many things can be
On 10.12.2024 at 01:58:58, Michael Tokarev via Postfix-users wrote:
> >Hm... read-only /etc? How do you reconfigure anything then?
>
> Remount-rw, configure, remount-ro. There's no need to configure
> anything during regular system operations, actual time when
> configuration is happening i
Michael Tokarev via Postfix-users:
> 10.12.2024 00:46, Wietse Venema via Postfix-users wrote:
>
> >> The prob here is that it isn't trivial at all to set up the
> >> chroot environment, despite all the efforts to solve this so
> >> far. Many things can be simplified greatly by using proxy
> >> ma
10.12.2024 01:31, Jaroslaw Rafa via Postfix-users wrote:
On 10.12.2024 at 01:21:51, Michael Tokarev via Postfix-users wrote:
It redirected a few (maybe just one) runtime-info file from
/etc to /run - this way, /etc can be read-only (I used RO
/etc for years before systemd).
Hm... read-on
On 10.12.2024 at 01:21:51, Michael Tokarev via Postfix-users wrote:
> It redirected a few (maybe just one) runtime-info file from
> /etc to /run - this way, /etc can be read-only (I used RO
> /etc for years before systemd).
Hm... read-only /etc? How do you reconfigure anything then?
--
Rega
10.12.2024 00:46, Wietse Venema via Postfix-users wrote:
The prob here is that it isn't trivial at all to set up the
chroot environment, despite all the efforts to solve this so
far. Many things can be simplified greatly by using proxy
maps for example, and that probably will be the way I'll
re
Michael Tokarev via Postfix-users:
> > If this can't be automated, then no-one will use it.
>
> It's a very good point. Actually I thought about this too.
>
> So how do you think, is it good idea to let user to enable chroot
> "easily" in a distribution like debian, when this user might be
> ab
09.12.2024 17:17, Wietse Venema via Postfix-users wrote:
Turning on chroot is possible for most master.cf entries except
those that use proxymap, postlogd, pipe, local, spawn (I may be
missing one). You can use "postconf -F "*/*/command" to find these,
and "postconf -F xxx/yyy/chroot=y" to turn
Michael Tokarev via Postfix-users:
> Hi!
>
> It's been a very long story with debian installing postfix chrooted by
> default.
> For about 25 years there were multiple, endless bug reports here on postfix-
> users, in debian bug tracker, in ubuntu bug tracker and elsewhere, all kinds
> of issues
On 09-12-2024 10:37, Michael Tokarev via Postfix-users wrote:
I'd love to hear other opinions and comments about this matter.
First I need to say that I'm no programmer, nor an expert.
I'm running postfix on Debian 12, and am happy with the setup.
I have not unchrooted to the best of my knowled
On 2024-12-09 Michael Tokarev via Postfix-users wrote:
> It's been a very long story with debian installing postfix chrooted by
> default.
> For about 25 years there were multiple, endless bug reports here on postfix-
> users, in debian bug tracker, in ubuntu bug tracker and elsewhere, all kinds
>
25 matches