Jailed postfix - Cannot connect to named Unix socket

jeremie le-hen le-hen_j at epita.fr
Fri Apr 23 07:37:25 PDT 2004


Hi list,

I set up a Postfix system in a jail, using mount_nullfs(8) in order to
access various files it needs (libs, mailboxes, and so on...).  The main
goal is that I can start Postfix either in a jail or not, and it doesn't
complain.  Therefore I can do nearly everything from the host: exporting
mailboxes using NFS, managing Postfix queues, stopping the mail system...
However, I got a strange message when I use mailq(1) on a jailed Postfix
that I don't have when using it on a standard Postfix:

obiwan:log# mailq
postqueue: warning: Mail system is down -- accessing queue directly
Mail queue is empty

I used ktrace(1) to see where the problem comes from and it appears
that when postqueue(1) tries to connect to the named Unix socket
`/var/spool/postfix/public/showq' from the host and Postfix runs in a
jail, it gets an ECONNREFUSED while it works perfectly when Postfix is not
jailed.

I read the << Jails: Confining the omnipotent root >> paper from phk@ and
rwatson@ and I saw that << Jail does not prevent, nor is it intended to
prevent, the use of covert channels or communications mechanisms via
accepted interfaces -- for example, two processes may communicate via
sockets over the IP network interface. >>  Right, I understand that
jail(2) tries to create a virtual machine just as it would be on a real
one and therefore does not allow communication between processes from
different virtual machines using Unix sockets.  But I do not want to have
to ssh into my jail just to see mail queues.  Does anyone have a solution to
use mailq(1) (or postqueue(1)) from the host without "accessing queue
directly"?

Regards,
-- 
Jeremie LE HEN aka TtZ/TataZ                          jeremie.le-hen at epita.fr
                                                                 ttz at epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!


More information about the freebsd-questions mailing list
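
The connect() failure that ktrace(1) showed above can be reproduced outside postqueue(1) with a small probe. This is an added example, not part of the original post or of Postfix; the function name probe_unix_socket is hypothetical. It separates a missing path from a socket node that has no reachable listener (ECONNREFUSED).

```python
import errno
import os
import socket
import stat
import sys


def probe_unix_socket(path, timeout=2.0):
    """Try to connect() to a named Unix socket and classify the outcome.

    Returns (status, detail); status is one of: missing, not-a-socket,
    no-listener, denied, error, listening.
    """
    try:
        st = os.stat(path)
    except OSError as e:
        # Path cannot be resolved from this process's view of the filesystem.
        return ("missing", errno.errorcode.get(e.errno, str(e.errno)))
    if not stat.S_ISSOCK(st.st_mode):
        return ("not-a-socket", oct(stat.S_IFMT(st.st_mode)))

    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(path)
    except OSError as e:
        name = errno.errorcode.get(e.errno, str(e.errno))
        if e.errno == errno.ECONNREFUSED:
            # The socket node exists, but no listening socket is reachable
            # through it from here: the case reported in the post.
            return ("no-listener", name)
        if e.errno in (errno.EACCES, errno.EPERM):
            return ("denied", name)
        return ("error", name)
    finally:
        s.close()
    return ("listening", "connected")


if __name__ == "__main__":
    # Default path is the one named in the post.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/spool/postfix/public/showq"
    status, detail = probe_unix_socket(target)
    print(f"{target}: {status} ({detail})")
```

Running it once on the host and once inside the jail against the same path shows whether the two views of the socket node differ.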