Subject: bin/30087: rc.d/postfix should support KEYWORD: chrootdir
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <cheeselottery@gmail.com>
List: netbsd-bugs
Date: 04/29/2005 05:13:00
>Number: 30087
>Category: bin
>Synopsis: rc.d/postfix should support KEYWORD: chrootdir
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Fri Apr 29 05:13:00 +0000 2005
>Originator: Cheese Lottery
>Release: NetBSD 2.0.2
>Organization:
>Environment:
NetBSD xii.mine.nu 2.0.2_STABLE NetBSD 2.0.2_STABLE (Winchester) #0: Mon Apr 25 21:40:28 PDT 2005 krank@xii.mine.nu:/usr/build/i386.obj/sys/arch/i386/compile/winchester i386
>Description:
The current rc.d/postfix script helpfully copies files from /etc to postfix's queue directory. This helps when you want to run some of postfix's daemons chrooted. However, as the postfix documentation states, this is not quite enough. Syslogd needs to create a log socket inside the chroot directory, or some of the daemons will eventually stop logging correctly.
rc.d/syslogd already has some magic so that it will create a log socket for any script with KEYWORD: chrootdir and *_chrootdir set. It would be nice if rc.d/postfix could take advantage of this.
>How-To-Repeat:
n/a
>Fix:
I cooked up this patch, borrowing some text from rc.d/ntpd. It seems to work for me.
However, there is one thing: Besides setting postfix_chrootdir, postfix's master.cf needs to be edited to specify which daemons run chrooted. This is still left with the user and I've tried to mention it here.
--- src/etc/rc.d/postfix 2005-04-28 21:33:23.000000000 -0700
+++ postfix 2005-04-28 22:10:57.000000000 -0700
@@ -5,6 +5,14 @@
# PROVIDE: mail
# REQUIRE: LOGIN
+# KEYWORD: chrootdir
+#
+# postfix_chrootdir should be set to postfix's queue directory,
+# which is normally /var/spool/postfix
+#
+# /etc/postfix/master.cf must also be edited to specify which
+# daemons are to run chrooted.
+#
# we make mail start late, so that things like .forward's are not
# processed until the system is fully operational
@@ -18,23 +26,33 @@
stop_cmd=$start_cmd
reload_cmd=$start_cmd
extra_commands="reload"
-spooletcdir="/var/spool/${name}/etc"
-required_dirs=$spooletcdir
+required_dirs="$postfix_chrootdir" # if it is set, it must exist
postfix_precmd()
{
+ if [ -z "$postfix_chrootdir" ]; then
+ return 0;
+ fi
+
+ # If running in a chroot cage, ensure that the appropriate files
+ # exist inside the cage.
+ #
# As this is called after the is_running and required_dir checks
- # are made in run_rc_command(), we can safely assume ${spooletcdir}
- # exists and postfix isn't running at this point (unless forcestart
- # is used).
+ # are made in run_rc_command(), we can safely assume
+ # ${postfix_chrootdir} exists and postfix isn't running at this
+ # point (unless forcestart is used).
#
-
for f in localtime resolv.conf services; do
if [ -f /etc/$f ]; then
- cmp -s /etc/$f ${spooletcdir}/$f || \
- cp -p /etc/$f ${spooletcdir}/$f
+ cmp -s /etc/$f ${postfix_chrootdir}/etc/$f || \
+ cp -p /etc/$f ${postfix_chrootdir}/etc/$f
fi
done
+
+ if [ ! -d ${postfix_chrootdir}/var/run ]; then
+ rm -f ${postfix_chrootdir}/var/run
+ mkdir -p ${postfix_chrootdir}/var/run
+ fi
}
load_rc_config $name