16.12.2024 17:02, Michael Tokarev via Postfix-users wrote:
16.12.2024 15:45, Wietse Venema via Postfix-users wrote:
So chroot is 'nice to have' but not for LINUX.
I've been in this boat for 25 years myself, 120% agree with that.
I want to understand the details.
To clarify. I've been thinking the same myself - chroot is not for
Linux, because it's been a common consensus here on postfix-users.
However, after trying to configure postfix to use chroot on Linux
myself, for the first time in 25 years, I was shocked how painless
it actually is, after some bug fixes on the postfix side (like
foo_checks maps forgotten to be opened in cleanup, for example).
So I'm really curious now why this common consensus has been like
this for 2.5 decades.
I need /etc/resolv.conf (optional, since iirc it uses the previous
values if it can't open it on the next request, but nice to have
if your resolv.conf changes, for example when you move to a different
wifi with no local resolver).
I need /etc/localtime. This one might be different from FreeBSD but
trivial to have.
I need /etc/host.conf /etc/hosts and /etc/services when using
disable_dns_lookups or when using smtp_host_lookup=native. This
should be the same on FreeBSD.
And I need whatever extra files are needed for *additional* nsswitch
modules which are configured - if this mechanism exists on FreeBSD,
it should have very similar requirements.
And finally I need provision for Cyrus SASL. Which would be exactly
the same on FreeBSD, because it is the same Cyrus SASL, not because
it is FreeBSD.
That's basically it. Where does the difference in pain level between FreeBSD
and Linux come from?
The rest - proxy: maps, ssl CA dir, etc - are exactly the same.
Thanks,
/mjt
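
An added example, not part of the original message: a shell check that compares the chroot copies of the files listed above against the host's copies, so a missing or outdated `/etc/resolv.conf` and the like is noticed. The function name, status words and the optional second argument are assumptions for illustration; extra nsswitch module files and Cyrus SASL are not covered.

```shell
#!/bin/sh
# check_chroot_files QUEUE_DIR [SYSTEM_ROOT]
#
# For each file named in the message, compare the copy under the Postfix
# chroot (QUEUE_DIR/etc/...) with the host copy (SYSTEM_ROOT/etc/...).
# SYSTEM_ROOT defaults to "" (the real root); it exists so the check can be
# exercised against a constructed directory tree.
#
# Prints one line per file and returns 0 only if nothing is missing or stale.
check_chroot_files() {
    queue_dir=$1
    sys_root=${2:-}
    rc=0
    for f in /etc/resolv.conf /etc/localtime /etc/host.conf \
             /etc/hosts /etc/services; do
        src=$sys_root$f
        dst=$queue_dir$f
        if [ ! -e "$src" ]; then
            # Nothing to copy from; not an error for the chroot.
            echo "skip    $f (not present on host)"
        elif [ ! -e "$dst" ]; then
            echo "missing $f"
            rc=1
        elif ! cmp -s "$src" "$dst"; then
            # Host file changed after it was copied into the chroot.
            echo "stale   $f"
            rc=1
        else
            echo "ok      $f"
        fi
    done
    return $rc
}

# Real use: take the chroot location from Postfix's own configuration.
if [ "${1:-}" = "--check" ]; then
    check_chroot_files "$(postconf -h queue_directory)"
fi
```
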