From 585a2d64d27d02dd1547af050be58cbc654f82fb Mon Sep 17 00:00:00 2001 From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com> Date: Fri, 31 Mar 2023 12:17:44 +0200 Subject: [PATCH] config: remove `chroot` for Dovecot & PostSRSd (#3208) * remove PostSRSd chroot * remove chroot for Dovecot A dedicated file for Dovecot's chroot environments is easier to handle and adjust later. --- target/dovecot/10-master.conf | 2 ++ target/dovecot/chroot.inc | 47 +++++++++++++++++++++++++++++++++++ target/postsrsd/postsrsd | 3 --- 3 files changed, 49 insertions(+), 3 deletions(-) create mode 100644 target/dovecot/chroot.inc diff --git a/target/dovecot/10-master.conf b/target/dovecot/10-master.conf index 2c5fa6ba..e037367e 100644 --- a/target/dovecot/10-master.conf +++ b/target/dovecot/10-master.conf @@ -114,3 +114,5 @@ service dict { #group = } } + +!include chroot.inc diff --git a/target/dovecot/chroot.inc b/target/dovecot/chroot.inc new file mode 100644 index 00000000..dccffa1e --- /dev/null +++ b/target/dovecot/chroot.inc @@ -0,0 +1,47 @@ +# This file removes `chroot` environments that +# +# 1. are not strictly needed +# 2. can cause problems +# +# See https://github.com/docker-mailserver/docker-mailserver/pull/3208#pullrequestreview-1366106516 +# and it's related PRs. + +service aggregator { + chroot = +} + +service anvil { + chroot = +} + +service director { + chroot = +} + +service ipc { + chroot = +} + +service old-stats { + chroot = +} + +service imap-login { + chroot = +} + +service managesieve-login { + chroot = +} + +service pop3-login { + chroot = +} + +service submission-login { + chroot = +} + +service imap-urlauth-login { + chroot = +} diff --git a/target/postsrsd/postsrsd b/target/postsrsd/postsrsd index 1ec1822a..91b648c0 100644 --- a/target/postsrsd/postsrsd +++ b/target/postsrsd/postsrsd @@ -36,6 +36,3 @@ SRS_REVERSE_PORT=10002 # This is highly recommended as postsrsd handles untrusted input. # RUN_AS=postsrsd - -# Jail daemon in chroot environment -CHROOT=/var/lib/postsrsd