Another solution is to move /var/spool/postfix/lib to another partition, then mount (potentially via fstab) that directory using 'bind' mounting. Unlike a symbolic link, a bind mount does work for chroot.
I am not a dynamic-linking-in-C expert, but do we really actually need the .so's in /var? Can't Postfix load the appropriate libraries before chrooting? That seems to work for other chrooted daemons, as far as I've seen.
signature.asc
Description: Digital signature
