On Mon, 16 Jun 2003 15:31:19 +0200, Guillaume Cottenceau wrote: > Isn't it the same problem for /var/lib/sasl ?
Could be I dunno. I have moved completely away from sasl v1 here. > Is it good to put connections between chroot jail and outside the > chroot? The "connection" is a socket to a daemon. Anyone who thinks chroot protects anything more than filesystem access needs to revisit chroot. If you want to protect access to networking and other communications channels something a lot stronger than chroot is needed, like MAC for example. > Should this be done in the postfix build-me-my-chroot %post > script? Good question. The other option is to use mount -bind as (IIRC) Luca does to give access to /var/lib/sasl2 in the postifx chroot "jail". b.
