On Wed, 15 Oct 2025 11:23:13 +0200 Andrey Albershteyn
<[email protected]> wrote:
On 2025-10-13 16:34:24, Darrick J. Wong wrote:
> From: Darrick J. Wong <[email protected]>
>
> Iustin Pop reports that the xfs_scrub_fail service fails to email
> problem reports on Debian when postfix is installed. This is apparently
> due to several factors:
>
> 1. postfix's sendmail wrapper calling postdrop directly,
> 2. postdrop requiring the ability to write to the postdrop group,
> 3. lockdown preventing the xfs_scrub_fail@ service from having postdrop in
> the supplemental group list or the ability to run setgid programs
>
> Item (3) could be solved by adding the whole service to the postdrop
> group via SupplementalGroups=, but that will fail if postfix is not
> installed and hence there is no postdrop group.
>
> It could also be solved by forcing msmtp to be installed, bind mounting
> msmtp into the service container, and injecting a config file that
> instructs msmtp to connect to port 25, but that in turn isn't compatible
> with systems not configured to allow an smtp server to listen on ::1.
>
> So we'll go with the less restrictive approach that e2scrub_fail@ does,
> which is to say that we just turn off all the sandboxing. :( :(
It looks like we have become too addicted to this sandboxing stuff,
without thinking where such sandboxing makes sense and where it does
not. And `systemd-analyze security` is definitely not helping here --
there's no reason to turn something on just to have more green in
the output of this utility.
The service (xfs_scrub_fail) does not need sandboxing to begin with,
since it is not security-sensitive.
Can we fix this for trixie please? It is hurting.
/mjt