Re: How to override an MX value for a particular domain only?

From: Eric B. (ebenzehotmail.com)
Date: Thu Nov 05 2009 - 22:11:30 CST


"Victor Duchovni" <Victor.Duchovnimorganstanley.com> wrote in message
news:20091106004615.GN27037np305c2n2.ms.com...
> On Thu, Nov 05, 2009 at 06:36:28PM -0500, Eric B. wrote:
>
>> smtp 7886 postfix rtd DIR 253,0 4096 1762695 /var/spool/postfix
>
> The smtp(8) delivery agent is chrooted.
>
>> So if these daemons are actually running chroot, wouldn't they need the
>> lib dirs?
>
> Not necessarily. They may have already opened all the files they need and
> loaded all the libraries they need before they chroot. Postfix processes
> chroot themselves, after they initialize and just before they drop privs;
> they are not started via fork/exec already in the chroot jail. For that,
> you need to install and run all of Postfix in the jail.

So in that case, doesn't it make all the files that are copied over to the
/var/spool/postfix directory by the LINUX2 script pointless? Obviously
nothing seems to require anything in the lib/lib64 directories, the
processes don't require a dev/log device, and resolv.conf isn't read either.
I can only assume the same about nsswitch.conf, etc...

The "nice" thing about this is that it makes setting up chroot unbelievably
easy for Postfix. The bad thing is that you can't customize anything
specific to your jail, unless you run Postfix entirely in the jail...

Why bother even having helper scripts / examples to create the jails if none
of the files are required? Are these examples / scripts outdated?

Thanks,

Eric
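
Added example, not part of the original message or of Postfix: a small parser for default `lsof` output that finds processes whose `rtd` (root directory) entry is not `/` and lists the files each still holds from outside that root, which is how libraries loaded before the chroot() call show up. Apart from the smtp `rtd` row quoted in the thread, the sample rows are constructed, and the listing is assumed to be taken from outside the jail.

```python
"""Classify lsof rows to see what a chrooted daemon holds from outside its jail."""
from collections import defaultdict

# Constructed sample in default lsof column order. Only the smtp "rtd" row
# comes from the thread; every other row is made up for illustration.
SAMPLE_LSOF = """\
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
master 7801 root rtd DIR 253,0 4096 2 /
master 7801 root mem REG 253,0 1700000 131 /lib64/libc.so.6
smtp 7886 postfix rtd DIR 253,0 4096 1762695 /var/spool/postfix
smtp 7886 postfix mem REG 253,0 1700000 131 /lib64/libc.so.6
smtp 7886 postfix mem REG 253,0 90000 140 /lib64/libresolv.so.2
smtp 7886 postfix 10u REG 253,0 512 1762800 /var/spool/postfix/active/ABC123
"""

def chroot_report(lsof_text):
    """Return {pid: {"command", "root", "outside"}} for processes whose root is not "/"."""
    roots, names, files = {}, {}, defaultdict(list)
    for line in lsof_text.splitlines():
        # Assumes every column is populated; NAME is last and may contain spaces.
        parts = line.split(None, 8)
        if len(parts) < 9 or parts[0] == "COMMAND":
            continue
        command, pid, _user, fd, _type, _dev, _size, _node, name = parts
        names[pid] = command
        if fd == "rtd":
            roots[pid] = name.rstrip("/") or "/"
        elif name.startswith("/"):
            files[pid].append(name)
    report = {}
    for pid, root in roots.items():
        if root == "/":
            continue  # not chrooted
        # Anything not under the process root was opened or mapped before chroot().
        outside = sorted({f for f in files[pid]
                          if f != root and not f.startswith(root + "/")})
        report[pid] = {"command": names[pid], "root": root, "outside": outside}
    return report

if __name__ == "__main__":
    for pid, info in chroot_report(SAMPLE_LSOF).items():
        print(f"{info['command']}[{pid}] root={info['root']}")
        for path in info["outside"]:
            print(f"  held from outside the jail: {path}")
```
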