Date: Fri, 23 Apr 2004 16:37:20 +0200
From: jeremie le-hen
To: freebsd-questions@freebsd.org
cc: jeremie le-hen
Subject: Jailed postfix - Cannot connect to named Unix socket
Message-ID: <20040423143720.GA6704@rocco.epita.fr>

Hi list,

I set up a Postfix system in a jail, using mount_nullfs(8) in order to access various files it needs (libs, mailboxes, and so on...). The main goal is that I can start Postfix either in a jail or not, and it doesn't complain. Therefore I can do nearly everything from the host: exporting mailboxes using NFS, managing Postfix queues, stopping the mail system...

However, I got a strange message when I use mailq(1) on a jailed Postfix that I don't have when using it on a standard Postfix:

    obiwan:log# mailq
    postqueue: warning: Mail system is down -- accessing queue directly
    Mail queue is empty

I used ktrace(1) to see where the problem comes from and it appears that when postqueue(1) tries to connect to named Unix socket `/var/spool/postfix/public/showq' from the host and Postfix runs in a jail, it gets an ECONNREFUSED while it works perfectly when Postfix is not jailed.

I read the << Jails: Confining the omnipotent root >> paper from phk@ and rwatson@ and I saw that << Jail does not prevent, nor is it intended to prevent, the use of covert channels or communications mechanisms via accepted interfaces -- for example, two processes may communicate via sockets over the IP network interface. >>

Right, I understand that jail(2) tries to create a virtual machine just as it would be on a real one and therefore does not allow communication between processes from different virtual machines using Unix sockets. But I do not want to have to ssh my jail just to see mail queues.

Does anyone have a solution to use mailq(1) (or postqueue(1)) from the host without "accessing queue directly"?

Regards,
-- 
Jeremie LE HEN aka TtZ/TataZ
jeremie.le-hen@epita.fr
ttz@epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
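
A probe for the connect step that ktrace(1) exposed in the message above, as an added example that is not part of the original post: it connects to a Unix-domain socket path and reports the errno, separating a missing path from a socket file that exists but has no listener reachable through it (ECONNREFUSED). The function names and the temporary sockets in the demo are constructed for illustration, and the showq endpoint is assumed to be a stream socket.

```python
import errno
import os
import socket
import tempfile

# Path taken from the post; everything else here is constructed for illustration.
SHOWQ = "/var/spool/postfix/public/showq"

def probe_unix_socket(path, timeout=2.0):
    """Try to connect to a Unix stream socket; return (status, errno_name)."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(path)
        return ("listening", None)
    except OSError as e:
        name = errno.errorcode.get(e.errno, str(e.errno))
        if e.errno == errno.ENOENT:
            return ("missing", name)        # no such path from this view of the filesystem
        if e.errno == errno.ECONNREFUSED:
            return ("no-listener", name)    # socket file is there, nothing accepts through it
        if e.errno in (errno.EACCES, errno.EPERM):
            return ("denied", name)         # directory or socket permissions
        return ("error", name)
    finally:
        s.close()

def demo():
    """Constructed sockets in a temporary directory, one per outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "showq")
        results["absent"] = probe_unix_socket(path)
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(1)
        results["live"] = probe_unix_socket(path)
        srv.close()  # the socket file stays on disk, but no process listens on it
        results["stale"] = probe_unix_socket(path)
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
    print(SHOWQ, probe_unix_socket(SHOWQ))
```

Running it once on the host and once inside the jail against the same showq path shows whether the refusal depends on which side of the jail boundary the client runs.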