[mod_python] mailman with mod_python in chroot jail?

Deron Meranda deron.meranda at gmail.com
Mon Dec 4 14:49:17 EST 2006


On 12/4/06, Timon Schroeter <mailinglists_timon at schroeter.it> wrote:
> does anyone here have experience with running mailman on mod_python
> in a chroot-jail?
>
> If you don't, do you expect any obstacles I should be aware of?

I don't know specifically about mailman, but keep in mind that
when using chroot jails everything that you need must be resolvable
from inside the jail.  So this would also mean that you have to run
Apache inside the jail too.  From a Unix security perspective,
mod_python *IS* the same as Apache httpd.  And you probably also
need sendmail, etc. in there or whatever resources mailman needs.

I suspect really that you'll end up having to add so much to the
jail that it's not really worth it.  And chroot jails are notoriously
insecure (leaky) and hard to maintain (apply patches, etc) for all
but the simplest of daemons.

If you can possibly run on a modern Linux system, you may get
better security with less grief by using SELinux mandatory access
control rules than any chroot jail could give you.

But I have no direct experience attempting this with mailman, so
perhaps others have some better advice.


> Sorry if this has been answered before- I've unsuccessfully tried
> google and the archives of this list- they aren't accessible from the
> listinfo-page: The link points to
> http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/

Sorry, that appears to be a misconfiguration of the listinfo page.  Archives
are available though.  See http://wiki.apache.org/mod_python/Mailing_lists
for correct links.
-- 
Deron Meranda
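
An added example, not part of the original message: one way to check the "everything must be resolvable from inside the jail" point before starting a daemon in a chroot. It resolves each required path as a chrooted process would, re-rooting absolute symlink targets at the jail. The jail layout and file names below are constructed for illustration.

```python
import os
import tempfile

def resolve_in_jail(jail, path, max_links=40):
    """Return the host-side path that `path` resolves to inside the jail, or None."""
    jail = os.path.realpath(jail)
    pending = [p for p in path.split("/") if p]
    resolved = []                     # components below the jail root
    links = 0
    while pending:
        part = pending.pop(0)
        if part == ".":
            continue
        if part == "..":              # ".." never climbs above the jail root
            if resolved:
                resolved.pop()
            continue
        host = os.path.join(jail, *resolved, part)
        if os.path.islink(host):
            links += 1
            if links > max_links:
                return None           # symlink loop
            target = os.readlink(host)
            if target.startswith("/"):
                resolved = []         # absolute target restarts at the jail root
            pending = [p for p in target.split("/") if p] + pending
        elif os.path.lexists(host):
            resolved.append(part)
        else:
            return None               # missing inside the jail
    return os.path.join(jail, *resolved)

def missing_from_jail(jail, required):
    """List the required absolute paths that do not resolve inside the jail."""
    return [p for p in required if resolve_in_jail(jail, p) is None]

def build_sample_jail():
    """Constructed sample jail (hypothetical layout and file names)."""
    jail = tempfile.mkdtemp(prefix="jail-")
    for d in ("usr/sbin", "usr/lib", "etc/alternatives"):
        os.makedirs(os.path.join(jail, d))
    open(os.path.join(jail, "usr/sbin/httpd"), "w").close()
    open(os.path.join(jail, "usr/lib/libpython.so.1"), "w").close()
    # Absolute link whose target was copied into the jail: resolves.
    os.symlink("/usr/lib/libpython.so.1", os.path.join(jail, "usr/lib/libpython.so"))
    # Absolute link whose target was never copied: dangling inside the jail,
    # even if the same path exists on the host.
    os.symlink("/etc/alternatives/mta", os.path.join(jail, "usr/sbin/sendmail"))
    return jail
```

A plain `os.path.exists()` run from the host follows absolute symlinks into the host filesystem, so it can report a file as present that the jailed process will not find.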

