[RFC][PATCH][CVS] chroot jailing support

Rob Siemborski rjs3 at andrew.cmu.edu
Mon Dec 30 09:55:31 EST 2002


On Mon, 30 Dec 2002, Henrique de Moraes Holschuh wrote:

> Yes. We cannot easily protect the mail spool without a lot of huge changes
> to Cyrus.  I think we would need to at least:
>
[snip]
> 2.  Use IPC/pipes/whatever to talk to master (or another long-running
>     daemon), and let it keep all global state (mailbox db, tls and duplicate
>     dbs...)

Um, but since the mail spool is also global state (keep in mind shared
mailboxes), this will totally kill performance since we'd no longer be
able to mmap() the mail files (or we'd have outsourced basically all the
APIs except for parsing to this other long running process anyway).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper






More information about the Info-cyrus mailing list