google / gvisor

Application Kernel for Containers
https://gvisor.dev
Apache License 2.0

Postfix support #110

Open hazcod opened 6 years ago

hazcod commented 6 years ago

Hello,

Did anyone try postfix under gvisor? Since postfix requires root access, this would make a fine candidate to shield off the kernel from.

Also, am I correct to state that the purpose of gvisor is to shield off the kernel implementation using the golang vm?

prattmic commented 6 years ago

You mean Postfix the mail server? I don't think anyone has tried it, but I'd imagine it works.

Why does Postfix require root? Just to listen on a low port number? I believe that would be workable with Docker remapping the port.

hazcod commented 6 years ago

See https://security.stackexchange.com/questions/71922/postfix-master-running-as-root

ianlewis commented 5 years ago

You might be able to mount the right directories to get local mail delivery to work from a sandbox. Could you give it a try and let us know what you find?

hazcod commented 5 years ago

I was unable to get postfix to work under root; this is as far as I got. A logger.go Go file was used to print out logs sent to the /var/log/ socket:

```dockerfile
# Build stage: compile logger.go into a static binary.
FROM alpine:latest as gobuilder
COPY logger.go /logger.go
RUN apk add --no-cache musl-dev go \
    && CGO_ENABLED=0 GOOS=linux go build -ldflags '-w -s -extldflags "-static"' -o /logger /logger.go

# Runtime stage: Postfix plus the logger binary.
FROM alpine

ENV POSTFIX_VERSION="3.3.0-r4"

RUN apk add --no-cache "postfix=${POSTFIX_VERSION}" "postfix-pcre=${POSTFIX_VERSION}" \
    && echo "mailgroup:x:1999:" >> /etc/group \
    && rm -r /etc/postfix

# APP_DIR, CONF_DIR and DATA_DIR are not defined in this excerpt.
COPY --from=gobuilder /logger $APP_DIR/logger
COPY conf/ $CONF_DIR
COPY run.sh $APP_DIR
RUN postmap -v -c $CONF_DIR $CONF_DIR/sender-canonical

# Lock down the logger and config, and make postqueue/postdrop setgid mailgroup.
RUN $APP_DIR/post-install.sh \
    && chmod 500 $APP_DIR/logger \
    && mkdir -p $CONF_DIR/dynamicmaps.cf.d \
    && mkdir -p $CONF_DIR/postfix-files.d \
    && chown -R root "$CONF_DIR" \
    && chown :mailgroup /usr/sbin/postqueue  /usr/sbin/postdrop \
    && chmod g+s /usr/sbin/postqueue  /usr/sbin/postdrop

EXPOSE 25000
VOLUME "$DATA_DIR"
HEALTHCHECK --interval=5s --timeout=3s --retries=3 CMD nc -zv 127.0.0.1 25000 || exit 1
USER root
CMD $APP_DIR/run.sh
```
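
The comment above refers to a logger.go that prints what is sent to the syslog socket, but the file itself is not shown. The following is an added example of such a listener, not hazcod's file and not gVisor project code; the default socket path `/dev/log` and the `<PRI>` prefix on each datagram are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"strconv"
	"strings"
)

// Severity names indexed by PRI % 8 (standard syslog severities).
var severities = [8]string{"emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"}

// formatLine decodes one "<PRI>text" datagram; anything without a valid PRI is kept, quoted.
func formatLine(datagram []byte) string {
	msg := strings.TrimRight(string(datagram), "\x00\r\n")
	end := strings.IndexByte(msg, '>')
	if strings.HasPrefix(msg, "<") && end >= 2 && end <= 4 {
		// ParseUint rejects signs and non-digits; valid PRI values are 0..191.
		if pri, err := strconv.ParseUint(msg[1:end], 10, 8); err == nil && pri <= 191 {
			return fmt.Sprintf("facility=%d severity=%s %s", pri/8, severities[pri%8], msg[end+1:])
		}
	}
	return fmt.Sprintf("unparsed %q", msg)
}

// serve binds a unix datagram socket at path and prints every message to stdout.
func serve(path string) error {
	os.Remove(path) // clear a stale socket left by a previous run
	conn, err := net.ListenUnixgram("unixgram", &net.UnixAddr{Name: path, Net: "unixgram"})
	if err != nil {
		return err
	}
	defer conn.Close()
	buf := make([]byte, 8192)
	for {
		n, _, err := conn.ReadFromUnix(buf)
		if err != nil {
			return err
		}
		fmt.Println(formatLine(buf[:n]))
	}
}

func main() {
	// Assumed default path; the first argument overrides it when given.
	if err := serve(append(os.Args, "/dev/log")[1]); err != nil {
		panic(err)
	}
}
```

Writing to stdout lets the container runtime collect Postfix's log lines without a syslog daemon inside the image.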