On Monday, November 11, 2013 20:41:05 Hans Spaans wrote:
> Stan Hoeppner wrote on 2013-11-09 04:22:
> > On 11/8/2013 4:05 AM, li...@rhsoft.net wrote:
> >> there are only rare situations where a chrooted postfix
> >> makes sense and so they should not be making a problematic
> >> default which gains nothing on 999 out of 1000 setups
> >
> > The reason for chrooting Postfix is due to a Debian policy established
> > loooong ago, and it is not Postfix specific. IIRC there's a class of
> > services that all get chrooted in Debian, but for the life of me I can't
> > seem to find the policy doc that explains this. So far I can't find it
> > in the Debian Policy Manual
> >
> > http://www.debian.org/doc/debian-policy/
> >
> > Not sure where it is, but the chroot policy is described somewhere.
> > Debian is pretty good WRT documentation. Good at making it easy to find
> > is another matter...
>
> As far as I know it was only under consideration long ago (around the
> time when Solaris Containers were introduced it became a topic again if
> I'm not mistaken) and it is an advisory for building packages on a
> developer machine. Postfix is still one of the few services doing it and
> I still wonder why as it makes things complex to a point where admins
> start playing with ln, chmod and cp to get things working. Reading
> bugreport 151692[1], seeing all the chroot bugreports and taking the
> request from the SELinux Debian Developers into account it makes me
> wonder a lot who is going to end this. Wietse or Debian Technical
> Committee.
>
> Hans
>
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=151692

This is increasingly off topic for postfix-users. I'd suggest taking this up in a Debian-specific forum.

Personally, I run postfix in a chroot everywhere, so I don't understand the fuss. There are occasional problems and they get fixed. The Debian maintainer having a different view than the upstream developer on default configuration is not at all an unusual thing to happen, but it needs to be addressed in the distro, not here.

Scott K