|
Deron Meranda
deron.meranda at gmail.com
Mon Dec 4 14:49:17 EST 2006
On 12/4/06, Timon Schroeter <mailinglists_timon at schroeter.it> wrote: > does anyone here have experience with running mailman on mod_python > in a chroot-jail? > > If you don't, do you expect any obstacles I should be aware of? I don't know specifically about mailman, but keep in mind that when using chroot jails everything that you need must be resolvable from inside the jail. So this would also mean that you have to run Apache inside the jail too. From a Unix security perspecitive, mod_python *IS* the same as Apache httpd. And you probably also need sendmail, etc. in there or whatever resources mailman needs. I suspect really that you'll end up having to add so much to the jail that it's not really worth it. And chroot jails are notoriously insecure (leaky) and hard to maintain (apply patches, etc) for all but the simplest of daemons. If you can possibly run on a modern Linux system, you may get better security with less grief by using SElinux mandatory access control rules than any chroot jail could give you. But I have no direct experience attempting this is mailman, so perhaps others have some better advice. > Sorry if this has been answered before- I've unsucessfully tried > google and the archives of this list- they aren't accessible from the > listinfo-page: The link points to > http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/ > mod_python/ Sorry, that appears to be a misconfiguration of the listinfo page. Archives are available though. See http://wiki.apache.org/mod_python/Mailing_lists for correct links. -- Deron Meranda
|