From: Michael Tokarev <mjt@tls.msk.ru>
Date: Tue, 24 Dec 2024 12:21:10 +0300
Subject: add "debian-systemd-start" subcommand to postfix-script
Forwarded: not-needed

In order to have stricter privileges at runtime, there's a need
to split postfix startup procedure to "setup" stage and "runtime"
stage, because "setup" stage requires more privileges (for example,
it does `create-missing`, which needs chown). In Debian, for
systemd startup, we run `postfix check` in ExecStartPre with full
privs, and `postfix debian-systemd-start` in regular ExecStart,
with restricted privileges.

diff --git a/conf/postfix-script b/conf/postfix-script
--- a/conf/postfix-script
+++ b/conf/postfix-script
@@ -127,4 +127,15 @@ stop_msg)
;;
+debian-systemd-start) # debian-specific
+ # Second part of the startup. First part is done in ExecStartPre.
+ rm -f $queue_directory/quick-start
+ rm -f $queue_directory/debian-systemd-start #XXX read MAIL_DEBUG & MAIL_VERBOSE
+ [ -d /run/systemd/system ] && [ -n "$INVOCATION_ID" ] || {
+ $FATAL "the Postfix mail system is started through systemd but not under systemd?"
+ exit 1
+ }
+ $daemon_directory/master -w
+ ;;
+
start|start-fg)
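
Review bot: the systemd guard (`[ -d /run/systemd/system ] && [ -n "$INVOCATION_ID" ] || { ... }`) runs after the two `rm -f` lines, so an invocation outside systemd still deletes files in `$queue_directory` before the script bails out; move the guard to the top of the `debian-systemd-start)` branch. `INVOCATION_ID` is an ordinary environment variable that any caller can set, so this is a sanity check against accidental manual use rather than an access control, and a comment should say so. The `#XXX read MAIL_DEBUG & MAIL_VERBOSE` marker on the second `rm -f` leaves two things open: what the `debian-systemd-start` file in the queue directory is for, and how the debug and verbose settings are supposed to reach `master`; resolve or document both before merging. Smaller points: `$queue_directory` and `$daemon_directory` are expanded unquoted, and a failure of `$daemon_directory/master -w` is not reported through `$FATAL` the way the guard failure is.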