[RFC][PATCH][CVS] chroot jailing support

Henrique de Moraes Holschuh hmh at debian.org
Mon Dec 30 09:59:12 EST 2002


On Mon, 30 Dec 2002, Rob Siemborski wrote:
> On Mon, 30 Dec 2002, Henrique de Moraes Holschuh wrote:
> > Yes. We cannot easily protect the mail spool without a lot of huge changes
> > to Cyrus.  I think we would need to at least:
> >
> [snip]
> > 2.  Use IPC/pipes/whatever to talk to master (or another long-running
> >     daemon), and let it keep all global state (mailbox db, tls and duplicate
> >     dbs...)
> 
> Um, but since the mail spool is also global state (keep in mind shared
> mailboxes), this will totally kill performance since we'd no longer be

Hmm... indeed. Shared mailboxes basically make it impossible to safeguard
the spool UNLESS one is using a filesystem that can emulate the ACL
functionality in Cyrus exactly. I.e. it is not worth the effort...

> able to mmap() the mail files (or we'd have outsourced basically all the

That would be too huge a performance hit.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh



