(no email)
Date: Mon Apr 01 2002 - 16:19:23 EST
On Tue, 2 Apr 2002, Liviu Daia wrote:
>
> That won't work as long as some files / sockets / whatever
> associated to maps are opened before going into the chroot jail while
> others are opened (not necessarily by Postfix --- think MySQL) after
> that operation.
>
It does not have to catch all problems, it just has to be useful. If the
map checks are part of "postfix validate" rather than "postfix check"
false positives for error conditions are OK.
Most naive users should not be using chroot, and most map types with
delayed file access will not have a stat_fd unless the map uses cached (at
map open time) file based metadata to define the mapping of the dictionary
onto the underlying database. Also to support troubleshooting it should be
possible to use "postmap -q" to query all maps on a working system, so all
the necessary symlinks should be there to allow the map to be used both
inside and outside the chroot jail.
I know that the general problem does not easily admit a 100% solution, but
we can (if it is worth the gains) do something less than perfect for
reasonable gains.
The "postconf" variable expansion issue is I believe the main obstacle to
success: all my DB maps are specified as btree:$config_directory/filename.
The postmap and postfix-script changes would be simple.
-- Viktor. - To unsubscribe, send mail to with content (not subject): unsubscribe postfix-users
|
|
|