Hi Trent,
 
How do BSD jails address letting two services talk to one another,
in a limited way?

For example, postfix wants to talk to dovecot's SASL implementation over
a unix socket.

The way this works for me at the moment (on Linux) is that one opens a
socket in the other's chroot area, before chrooting into its own area.
Because it was already open before chroot(2), it can continue using it.

I do not think you can do it this way

(Well, if you would reprogram and use jail(2) or jail_attach(2) in the code instead of chroot(2)?.. besides, it would be one way of writing code for BSD only, a bit of a revenge for the Linuxisms find elsewhere;-)

Of course you can run both in the same jail and do the "usual" chroot.

Or you have them in separate jails and use TCP/IP.

Regards
Peter


On Fri, Nov 27, 2015 at 11:07 AM, Trent W. Buck via luv-main <luv-main@luv.asn.au> wrote:
Peter,

> Compare this with jails:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html

How do BSD jails address letting two services talk to one another,
in a limited way?

For example, postfix wants to talk to dovecot's SASL implementation over
a unix socket.

The way this works for me at the moment (on Linux) is that one opens a
socket in the other's chroot area, before chrooting into its own area.
Because it was already open before chroot(2), it can continue using it.

_______________________________________________
luv-main mailing list
luv-main@luv.asn.au
http://lists.luv.asn.au/listinfo/luv-main