diff options
Diffstat (limited to '')
-rw-r--r-- | examples/chroot-setup/AIX42 | 12 | ||||
-rw-r--r-- | examples/chroot-setup/BSDI2 | 4 | ||||
-rw-r--r-- | examples/chroot-setup/BSDI3 | 4 | ||||
-rw-r--r-- | examples/chroot-setup/FREEBSD3 | 4 | ||||
-rw-r--r-- | examples/chroot-setup/FreeBSD2 | 4 | ||||
-rw-r--r-- | examples/chroot-setup/HPUX10 | 23 | ||||
-rw-r--r-- | examples/chroot-setup/HPUX9 | 21 | ||||
-rw-r--r-- | examples/chroot-setup/IRIX5 | 39 | ||||
-rw-r--r-- | examples/chroot-setup/IRIX6 | 39 | ||||
-rw-r--r-- | examples/chroot-setup/LINUX2 | 91 | ||||
-rw-r--r-- | examples/chroot-setup/NETBSD1 | 4 | ||||
-rw-r--r-- | examples/chroot-setup/NEXTSTEP3 | 31 | ||||
-rw-r--r-- | examples/chroot-setup/OPENSTEP4 | 31 | ||||
-rw-r--r-- | examples/chroot-setup/OSF1 | 21 | ||||
-rw-r--r-- | examples/chroot-setup/Solaris10 | 112 | ||||
-rw-r--r-- | examples/chroot-setup/Solaris2 | 75 | ||||
-rw-r--r-- | examples/chroot-setup/Solaris8 | 106 |
17 files changed, 621 insertions, 0 deletions
diff --git a/examples/chroot-setup/AIX42 b/examples/chroot-setup/AIX42 new file mode 100644 index 0000000..41f15b5 --- /dev/null +++ b/examples/chroot-setup/AIX42 @@ -0,0 +1,12 @@ +umask 022 +mkdir /var/spool/postfix/etc +chmod 755 /var/spool/postfix/etc +for i in /etc/environment /etc/netsvc.conf /etc/localtime +do + test -e $i && cp $i /var/spool/postfix/etc +done +cp /etc/services /etc/resolv.conf /var/spool/postfix/etc +mkdir /var/spool/postfix/dev +chmod 755 /var/spool/postfix/dev +mknod /var/spool/postfix/dev/null c 2 2 +chmod 666 /var/spool/postfix/dev/null diff --git a/examples/chroot-setup/BSDI2 b/examples/chroot-setup/BSDI2 new file mode 100644 index 0000000..9d7f020 --- /dev/null +++ b/examples/chroot-setup/BSDI2 @@ -0,0 +1,4 @@ +umask 022 +mkdir /var/spool/postfix/etc +chmod 755 /var/spool/postfix/etc +cp /etc/localtime /etc/services /etc/resolv.conf /var/spool/postfix/etc diff --git a/examples/chroot-setup/BSDI3 b/examples/chroot-setup/BSDI3 new file mode 100644 index 0000000..9d7f020 --- /dev/null +++ b/examples/chroot-setup/BSDI3 @@ -0,0 +1,4 @@ +umask 022 +mkdir /var/spool/postfix/etc +chmod 755 /var/spool/postfix/etc +cp /etc/localtime /etc/services /etc/resolv.conf /var/spool/postfix/etc diff --git a/examples/chroot-setup/FREEBSD3 b/examples/chroot-setup/FREEBSD3 new file mode 100644 index 0000000..4afb0eb --- /dev/null +++ b/examples/chroot-setup/FREEBSD3 @@ -0,0 +1,4 @@ +umask 022 +mkdir /var/spool/postfix/etc +chmod 755 /var/spool/postfix/etc +cd /etc ; cp host.conf localtime services resolv.conf /var/spool/postfix/etc diff --git a/examples/chroot-setup/FreeBSD2 b/examples/chroot-setup/FreeBSD2 new file mode 100644 index 0000000..4afb0eb --- /dev/null +++ b/examples/chroot-setup/FreeBSD2 @@ -0,0 +1,4 @@ +umask 022 +mkdir /var/spool/postfix/etc +chmod 755 /var/spool/postfix/etc +cd /etc ; cp host.conf localtime services resolv.conf /var/spool/postfix/etc diff --git a/examples/chroot-setup/HPUX10 b/examples/chroot-setup/HPUX10 new file mode 100644 index 0000000..c886944 --- /dev/null +++ b/examples/chroot-setup/HPUX10 @@ -0,0 +1,23 @@ +# Setup chroot jail for HP-UX (9 or 10). -- tiggr (Pieter Schoenmakers) + +if test -z "${POSTFIX_DIR}"; then + if test -d /usr/spool/postfix; then + POSTFIX_DIR=/usr/spool/postfix + elif test -d /var/spool/postfix; then + POSTFIX_DIR=/var/spool/postfix + else + echo Please indicate POSTFIX_DIR in the environment >&2 + exit 2; + fi +fi + +set -e + +umask 022 + +cd ${POSTFIX_DIR} + +mkdir etc +cp /etc/services etc +mkdir -p usr/lib +cp /usr/lib/tztab usr/lib diff --git a/examples/chroot-setup/HPUX9 b/examples/chroot-setup/HPUX9 new file mode 100644 index 0000000..ca54c65 --- /dev/null +++ b/examples/chroot-setup/HPUX9 @@ -0,0 +1,21 @@ +# Setup chroot jail for HP-UX (9 or 10). -- tiggr (Pieter Schoenmakers) + +if test -z "${POSTFIX_DIR}"; then + if test -d /usr/spool/postfix; then + POSTFIX_DIR=/usr/spool/postfix + elif test -d /var/spool/postfix; then + POSTFIX_DIR=/var/spool/postfix + else + echo Please indicate POSTFIX_DIR in the environment >&2 + exit 2; + fi +fi + +set -e + +umask 022 + +cd ${POSTFIX_DIR} + +mkdir etc +cp /etc/services etc diff --git a/examples/chroot-setup/IRIX5 b/examples/chroot-setup/IRIX5 new file mode 100644 index 0000000..a8e3a40 --- /dev/null +++ b/examples/chroot-setup/IRIX5 @@ -0,0 +1,39 @@ +From owner-postfix-testers@porcupine.org Wed Oct 7 17:19:31 1998 +Delivered-To: wietse@porcupine.org +Delivered-To: postfix-testers@porcupine.org +Received: from star.win.or.jp (star.win.or.jp [202.26.20.3]) + by spike.porcupine.org (Postfix) with ESMTP + id 3123445D04; Wed, 7 Oct 1998 17:19:24 -0400 (EDT) +Received: (from ayamura@localhost) + by star.win.or.jp (8.9.1+CL.3.10/8.9.1) id GAA26589; + Thu, 8 Oct 1998 06:19:23 +0900 (JST) + (envelope-from ayamura) +From: Ayamura Kikuchi <ayamura@ayamura.org> +To: postfix-testers@porcupine.org +Subject: chroot-setup on IRIX +X-PGP-Fingerprint: 9F 4F FD B6 47 0D 87 65 7B 67 7C A9 70 F3 8C 52 +MIME-Version: 1.0 (generated by SEMI 1.9.0 - "Isurugi") +Content-Type: text/plain; charset=US-ASCII +Date: 08 Oct 1998 06:19:22 +0900 +Message-ID: <86u31g3w9x.fsf@star.ayamura.org> +Lines: 14 +User-Agent: Semi-gnus/6.8.19 SEMI/1.9.0 (Isurugi) FLIM/1.10.1 (Miyamaki) Emacs/20.3.90 (mips-sgi-irix6.2) MULE/4.0 (HANANOEN) +Sender: owner-postfix-testers@porcupine.org +Status: RO + +# Setup chroot jail for IRIX-5.x or 6.x -- Ayamura Kikuchi <ayamura@ayamura.org> + +set -e +umask 022 + +#Default POSTFIX_DIR = /var/postfix +#Else set POSTFIX_DIR in environment +POSTFIX_DIR=${POSTFIX_DIR-/var/postfix} + +/bin/mkdir -p ${POSTFIX_DIR}/etc +/bin/chmod 755 ${POSTFIX_DIR} +/bin/cp /etc/services /etc/resolv.conf ${POSTFIX_DIR}/etc + +-- Ayamura Kikuchi + + diff --git a/examples/chroot-setup/IRIX6 b/examples/chroot-setup/IRIX6 new file mode 100644 index 0000000..a8e3a40 --- /dev/null +++ b/examples/chroot-setup/IRIX6 @@ -0,0 +1,39 @@ +From owner-postfix-testers@porcupine.org Wed Oct 7 17:19:31 1998 +Delivered-To: wietse@porcupine.org +Delivered-To: postfix-testers@porcupine.org +Received: from star.win.or.jp (star.win.or.jp [202.26.20.3]) + by spike.porcupine.org (Postfix) with ESMTP + id 3123445D04; Wed, 7 Oct 1998 17:19:24 -0400 (EDT) +Received: (from ayamura@localhost) + by star.win.or.jp (8.9.1+CL.3.10/8.9.1) id GAA26589; + Thu, 8 Oct 1998 06:19:23 +0900 (JST) + (envelope-from ayamura) +From: Ayamura Kikuchi <ayamura@ayamura.org> +To: postfix-testers@porcupine.org +Subject: chroot-setup on IRIX +X-PGP-Fingerprint: 9F 4F FD B6 47 0D 87 65 7B 67 7C A9 70 F3 8C 52 +MIME-Version: 1.0 (generated by SEMI 1.9.0 - "Isurugi") +Content-Type: text/plain; charset=US-ASCII +Date: 08 Oct 1998 06:19:22 +0900 +Message-ID: <86u31g3w9x.fsf@star.ayamura.org> +Lines: 14 +User-Agent: Semi-gnus/6.8.19 SEMI/1.9.0 (Isurugi) FLIM/1.10.1 (Miyamaki) Emacs/20.3.90 (mips-sgi-irix6.2) MULE/4.0 (HANANOEN) +Sender: owner-postfix-testers@porcupine.org +Status: RO + +# Setup chroot jail for IRIX-5.x or 6.x -- Ayamura Kikuchi <ayamura@ayamura.org> + +set -e +umask 022 + +#Default POSTFIX_DIR = /var/postfix +#Else set POSTFIX_DIR in environment +POSTFIX_DIR=${POSTFIX_DIR-/var/postfix} + +/bin/mkdir -p ${POSTFIX_DIR}/etc +/bin/chmod 755 ${POSTFIX_DIR} +/bin/cp /etc/services /etc/resolv.conf ${POSTFIX_DIR}/etc + +-- Ayamura Kikuchi + + diff --git a/examples/chroot-setup/LINUX2 b/examples/chroot-setup/LINUX2 new file mode 100644 index 0000000..f9c6184 --- /dev/null +++ b/examples/chroot-setup/LINUX2 @@ -0,0 +1,91 @@ +#! /bin/sh + +# LINUX2 - shell script to set up a Postfix chroot jail for Linux +# Tested on SuSE Linux 5.3 (libc5) and 7.0 (glibc2.1) + +# Other testers reported as working: +# +# 2001-01-15 Debian sid (unstable) +# Christian Kurz <shorty@getuid.de> + +# Copyright (c) 2000 - 2001 by Matthias Andree +# Redistributable unter the MIT-style license that follows: +# Abstract: "do whatever you want except hold somebody liable or change +# the copyright information". + +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +# IN THE SOFTWARE. + +# 2000-09-29 +# v0.1: initial release + +# 2000-12-05 +# v0.2: copy libdb.* for libnss_db.so +# remove /etc/localtime in case it's a broken symlink +# restrict find to maxdepth 1 (faster) + +# Revision 1.4 2001/01/15 09:36:35 emma +# add note it was successfully tested on Debian sid +# +# 20060101 /lib64 support by Keith Owens. +# + +CP="cp -p" + +cond_copy() { + # find files as per pattern in $1 + # if any, copy to directory $2 + dir=`dirname "$1"` + pat=`basename "$1"` + lr=`find "$dir" -maxdepth 1 -name "$pat"` + if test ! -d "$2" ; then exit 1 ; fi + if test "x$lr" != "x" ; then $CP $1 "$2" ; fi +} + +set -e +umask 022 + +POSTFIX_DIR=${POSTFIX_DIR-/var/spool/postfix} +cd ${POSTFIX_DIR} + +mkdir -p etc lib usr/lib/zoneinfo +test -d /lib64 && mkdir -p lib64 + +# find localtime (SuSE 5.3 does not have /etc/localtime) +lt=/etc/localtime +if test ! -f $lt ; then lt=/usr/lib/zoneinfo/localtime ; fi +if test ! -f $lt ; then lt=/usr/share/zoneinfo/localtime ; fi +if test ! -f $lt ; then echo "cannot find localtime" ; exit 1 ; fi +rm -f etc/localtime + +# copy localtime and some other system files into the chroot's etc +$CP -f $lt /etc/services /etc/resolv.conf /etc/nsswitch.conf etc +$CP -f /etc/host.conf /etc/hosts /etc/passwd etc +ln -s -f /etc/localtime usr/lib/zoneinfo + +# copy required libraries into the chroot +cond_copy '/lib/libnss_*.so*' lib +cond_copy '/lib/libresolv.so*' lib +cond_copy '/lib/libdb.so*' lib +if test -d /lib64; then + cond_copy '/lib64/libnss_*.so*' lib64 + cond_copy '/lib64/libresolv.so*' lib64 + cond_copy '/lib64/libdb.so*' lib64 +fi + +postfix reload diff --git a/examples/chroot-setup/NETBSD1 b/examples/chroot-setup/NETBSD1 new file mode 100644 index 0000000..53a2361 --- /dev/null +++ b/examples/chroot-setup/NETBSD1 @@ -0,0 +1,4 @@ +umask 022 +mkdir /var/spool/postfix/etc +chmod 755 /var/spool/postfix/etc +cd /etc ; cp localtime services resolv.conf /var/spool/postfix/etc diff --git a/examples/chroot-setup/NEXTSTEP3 b/examples/chroot-setup/NEXTSTEP3 new file mode 100644 index 0000000..a2f163e --- /dev/null +++ b/examples/chroot-setup/NEXTSTEP3 @@ -0,0 +1,31 @@ +# Setup chroot jail for NeXT, NEXTSTEP3. +# Some remarks to the NEXTSTEP3 jail apply: +# syslog: +# Logging with syslog(3) uses a sendto ("/dev/log"). For this to work in +# the jail, ${POSTFIX_DIR}/dev/log must be a hard link to /dev/log. This +# fails if /usr/spool/postfix is on another filesystem, and consequently, +# running chrooted will not be possible, unless you like to run your mail +# system without logging (not). +# +# For this trick to work, the following should be run at every reboot, +# preferably from /etc/rc, after syslog has been started (and given time +# to create /dev/log): +# POSTFIX_DIR=/usr/spool/postfix +# rm ${POSTFIX_DIR}/dev/log +# ln /dev/log ${POSTFIX_DIR}/dev/log + +set -e + +umask 022 + +POSTFIX_DIR=${POSTFIX_DIR-/usr/spool/postfix} + +cd ${POSTFIX_DIR} + +# If this fails, running chrooted will be useless. +mkdir dev +ln /dev/log dev + +mkdir etc etc/zoneinfo +cp /etc/zoneinfo/localtime etc/zoneinfo +cp /etc/resolv.conf etc diff --git a/examples/chroot-setup/OPENSTEP4 b/examples/chroot-setup/OPENSTEP4 new file mode 100644 index 0000000..a2f163e --- /dev/null +++ b/examples/chroot-setup/OPENSTEP4 @@ -0,0 +1,31 @@ +# Setup chroot jail for NeXT, NEXTSTEP3. +# Some remarks to the NEXTSTEP3 jail apply: +# syslog: +# Logging with syslog(3) uses a sendto ("/dev/log"). For this to work in +# the jail, ${POSTFIX_DIR}/dev/log must be a hard link to /dev/log. This +# fails if /usr/spool/postfix is on another filesystem, and consequently, +# running chrooted will not be possible, unless you like to run your mail +# system without logging (not). +# +# For this trick to work, the following should be run at every reboot, +# preferably from /etc/rc, after syslog has been started (and given time +# to create /dev/log): +# POSTFIX_DIR=/usr/spool/postfix +# rm ${POSTFIX_DIR}/dev/log +# ln /dev/log ${POSTFIX_DIR}/dev/log + +set -e + +umask 022 + +POSTFIX_DIR=${POSTFIX_DIR-/usr/spool/postfix} + +cd ${POSTFIX_DIR} + +# If this fails, running chrooted will be useless. +mkdir dev +ln /dev/log dev + +mkdir etc etc/zoneinfo +cp /etc/zoneinfo/localtime etc/zoneinfo +cp /etc/resolv.conf etc diff --git a/examples/chroot-setup/OSF1 b/examples/chroot-setup/OSF1 new file mode 100644 index 0000000..dd6ae64 --- /dev/null +++ b/examples/chroot-setup/OSF1 @@ -0,0 +1,21 @@ +******************************************************************* +# setup chroot jail for OSF1 +# prabhat@wonder +set -e +umask 022 + +#Default POSTFIX_DIR = /var/spool/postfix +#Else set POSTFIX_DIR in environment + +POSTFIX_DIR=${POSTFIX_DIR-/var/spool/postfix} + +cd ${POSTFIX_DIR} +mkdir etc +cp /etc/svc.conf /etc/services /etc/resolv.conf etc +# +# The following line added to make the timestamps in syslog to be correct. +# /PetBi@UNIT.LiU.SE +# +cp -r /etc/zoneinfo etc + +#******************************************************************* diff --git a/examples/chroot-setup/Solaris10 b/examples/chroot-setup/Solaris10 new file mode 100644 index 0000000..8647d9a --- /dev/null +++ b/examples/chroot-setup/Solaris10 @@ -0,0 +1,112 @@ +#!/bin/sh +# From original Solaris 8 version by Matthew X. Economou +# Solaris 10 version updated by JD Bronson. Caution: this copies +# too many files. There is no need to copy libc.so and other files +# that are already linked in before a Postfix daemon chroots itself. + +COMMAND_DIRECTORY="/usr/sbin" +DAEMON_DIRECTORY="/usr/libexec/postfix" +QUEUE_DIRECTORY="/var/spool/postfix" + +## Copy any shared libraries, device entries, or configuration files +## needed by Postfix into the jail. +binlist=" +$DAEMON_DIRECTORY/virtual +$DAEMON_DIRECTORY/trivial-rewrite +$DAEMON_DIRECTORY/spawn +$DAEMON_DIRECTORY/smtpd +$DAEMON_DIRECTORY/smtp +$DAEMON_DIRECTORY/showq +$DAEMON_DIRECTORY/qmqpd +$DAEMON_DIRECTORY/qmgr +$DAEMON_DIRECTORY/proxymap +$DAEMON_DIRECTORY/pipe +$DAEMON_DIRECTORY/pickup +$DAEMON_DIRECTORY/nqmgr +$DAEMON_DIRECTORY/master +$DAEMON_DIRECTORY/local +$DAEMON_DIRECTORY/lmtp +$DAEMON_DIRECTORY/flush +$DAEMON_DIRECTORY/error +$DAEMON_DIRECTORY/cleanup +$DAEMON_DIRECTORY/bounce +/usr/lib/sendmail +$COMMAND_DIRECTORY/postsuper +$COMMAND_DIRECTORY/postqueue +$COMMAND_DIRECTORY/postmap +$COMMAND_DIRECTORY/postlog +$COMMAND_DIRECTORY/postlock +$COMMAND_DIRECTORY/postkick +$COMMAND_DIRECTORY/postfix +$COMMAND_DIRECTORY/postdrop +$COMMAND_DIRECTORY/postconf +$COMMAND_DIRECTORY/postcat +$COMMAND_DIRECTORY/postalias +" +ldd $binlist | awk '/[=]>/ { print $3 }' | sort -u | while read i +do + mkdir -p $QUEUE_DIRECTORY`dirname $i` + ## Sun's version of tar sucks. We'll have to remove the leading + ## slashes from file names ourself, otherwise the copy doesn't + ## work. + (cd / && tar cphf - `echo $i | sed -e 's/^\///'`) | (cd $QUEUE_DIRECTORY && tar xpf -) +done + +## More stuff for the jail, mostly discovered by inspection +## (e.g. strings, lsof). +more=" +/dev/zero +/dev/null +/dev/udp6 +/dev/tcp6 +/dev/udp +/dev/tcp +/dev/poll +/dev/rawip +/dev/ticlts +/dev/ticotsord +/dev/ticots +/devices/pseudo/mm@0:zero +/devices/pseudo/mm@0:null +/devices/pseudo/udp6@0:udp6 +/devices/pseudo/tcp6@0:tcp6 +/devices/pseudo/udp@0:udp +/devices/pseudo/tcp@0:tcp +/devices/pseudo/poll@0:poll +/devices/pseudo/icmp@0:icmp +/devices/pseudo/tl@0:ticlts +/devices/pseudo/tl@0:ticotsord +/devices/pseudo/tl@0:ticots +/etc/hosts +/etc/nsswitch.conf +/etc/netconfig +/etc/passwd +/etc/resolv.conf +/etc/default/init +/etc/default/nss +/etc/inet/services +/etc/inet/hosts +/etc/services +/lib/ld.so +/lib/ld.so.1 +/usr/lib/nss_dns.so.1 +/usr/lib/sparcv9/straddr.so +/usr/lib/straddr.so +/usr/lib/straddr.so.2 +/lib/libintl.so +/lib/libintl.so.1 +/lib/libw.so +/lib/libw.so.1 +/lib/nss_nis.so.1 +/lib/nss_nisplus.so.1 +/lib/nss_dns.so.1 +/lib/nss_files.so.1 +/usr/share/lib/zoneinfo +/var/ld/ld.config +" +for i in $more; do + mkdir -p $QUEUE_DIRECTORY`dirname $i` + (cd / && tar cpf - `echo $i | sed -e 's/^\///'`) | (cd $QUEUE_DIRECTORY && tar xpf -) +done + +exit 0 diff --git a/examples/chroot-setup/Solaris2 b/examples/chroot-setup/Solaris2 new file mode 100644 index 0000000..024492c --- /dev/null +++ b/examples/chroot-setup/Solaris2 @@ -0,0 +1,75 @@ +#!/bin/sh + +umask 022 +PATH=/usr/bin:/sbin:/usr/sbin + +# Create chroot'd area under Solaris 2.5.1 for postfix. +# +# Dug Song <dugsong@UMICH.EDU> + +if [ $# -ne 1 ]; then + echo "Usage: `basename $0` <directory>, e.g.: /var/spool/postfix" ; exit 1 +fi + +CHROOT=$1 + +# If CHROOT does not exist but parent does, create CHROOT +if [ ! -d ${CHROOT} ]; then + # lack of -p below is intentional + mkdir ${CHROOT} +fi +if [ ! -d ${CHROOT} -o "${CHROOT}" = "/" -o "${CHROOT}" = "/usr" ]; then + echo "$0: bad chroot directory ${CHROOT}" + exit 2 +fi +for dir in etc/default etc/inet dev usr/lib usr/share/lib/zoneinfo ; do + if [ ! -d ${CHROOT}/${dir} ]; then mkdir -p ${CHROOT}/${dir} ; fi +done +#chmod -R 755 ${CHROOT} + +# AFS support. +if [ "`echo $CHROOT | cut -c1-4`" = "/afs" ]; then + echo '\tCreating memory resident /dev...' + mount -F tmpfs -o size=10 swap ${CHROOT}/dev +fi + +# Setup /etc files. +cp /etc/nsswitch.conf ${CHROOT}/etc +cp /etc/netconfig /etc/resolv.conf ${CHROOT}/etc +cp /etc/default/init ${CHROOT}/etc/default +cp /etc/inet/services ${CHROOT}/etc/inet/services +ln -s /etc/inet/services ${CHROOT}/etc/services +find ${CHROOT}/etc -type f -exec chmod 444 {} \; + +# Most of the following are needed for basic operation, except +# for libnsl.so, nss_nis.so, libsocket.so, and straddr.so which are +# needed to resolve NIS names. +cp /usr/lib/ld.so /usr/lib/ld.so.1 ${CHROOT}/usr/lib +for lib in libc libdl libintl libmp libnsl libsocket libw \ + nss_nis nss_nisplus nss_dns nss_files; do + cp /usr/lib/${lib}.so.1 ${CHROOT}/usr/lib + rm -f ${CHROOT}/usr/lib/${lib}.so + ln -s ./${lib}.so.1 ${CHROOT}/usr/lib/${lib}.so +done +cp /usr/lib/straddr.so.2 ${CHROOT}/usr/lib +rm -f ${CHROOT}/usr/lib/straddr.so +ln -s ./straddr.so.2 ${CHROOT}/usr/lib/straddr.so +chmod 555 ${CHROOT}/usr/lib/* + +# Copy timezone database. +(cd ${CHROOT}/usr/share/lib/zoneinfo + (cd /usr/share/lib/zoneinfo; find . -print | cpio -o) | cpio -imdu + find . -print | xargs chmod 555 +) + +# Make device nodes. We need ticotsord, ticlts and udp to resolve NIS names. +for device in zero tcp udp ticotsord ticlts; do + line=`ls -lL /dev/${device} | sed -e 's/,//'` + major=`echo $line | awk '{print $5}'` + minor=`echo $line | awk '{print $6}'` + rm -f ${CHROOT}/dev/${device} + mknod ${CHROOT}/dev/${device} c ${major} ${minor} +done +chmod 666 ${CHROOT}/dev/* + +exit 0 diff --git a/examples/chroot-setup/Solaris8 b/examples/chroot-setup/Solaris8 new file mode 100644 index 0000000..973e731 --- /dev/null +++ b/examples/chroot-setup/Solaris8 @@ -0,0 +1,106 @@ +#!/bin/sh + +# Solaris 8 version by Matthew X. Economou. Caution: this copies +# too many files. There is no need to copy libc.so and other files +# that are already linked in before a Postfix daemon chroots itself. + +COMMAND_DIRECTORY="/usr/sbin" +DAEMON_DIRECTORY="/usr/libexec/postfix" +QUEUE_DIRECTORY="/var/spool/postfix" + +## Copy any shared libraries, device entries, or configuration files +## needed by Postfix into the jail. +binlist=" +$DAEMON_DIRECTORY/virtual +$DAEMON_DIRECTORY/trivial-rewrite +$DAEMON_DIRECTORY/spawn +$DAEMON_DIRECTORY/smtpd +$DAEMON_DIRECTORY/smtp +$DAEMON_DIRECTORY/showq +$DAEMON_DIRECTORY/qmqpd +$DAEMON_DIRECTORY/qmgr +$DAEMON_DIRECTORY/proxymap +$DAEMON_DIRECTORY/pipe +$DAEMON_DIRECTORY/pickup +$DAEMON_DIRECTORY/nqmgr +$DAEMON_DIRECTORY/master +$DAEMON_DIRECTORY/local +$DAEMON_DIRECTORY/lmtp +$DAEMON_DIRECTORY/flush +$DAEMON_DIRECTORY/error +$DAEMON_DIRECTORY/cleanup +$DAEMON_DIRECTORY/bounce +/usr/lib/sendmail +$COMMAND_DIRECTORY/postsuper +$COMMAND_DIRECTORY/postqueue +$COMMAND_DIRECTORY/postmap +$COMMAND_DIRECTORY/postlog +$COMMAND_DIRECTORY/postlock +$COMMAND_DIRECTORY/postkick +$COMMAND_DIRECTORY/postfix +$COMMAND_DIRECTORY/postdrop +$COMMAND_DIRECTORY/postconf +$COMMAND_DIRECTORY/postcat +$COMMAND_DIRECTORY/postalias +" +ldd $binlist | awk '/[=]>/ { print $3 }' | sort -u | while read i +do + mkdir -p $QUEUE_DIRECTORY`dirname $i` + ## Sun's version of tar sucks. We'll have to remove the leading + ## slashes from file names ourself, otherwise the copy doesn't + ## work. + (cd / && tar cphf - `echo $i | sed -e 's/^\///'`) | (cd $QUEUE_DIRECTORY && tar xpf -) +done + +## More stuff for the jail, mostly discovered by inspection +## (e.g. strings, lsof). +more=" +/dev/zero +/dev/null +/dev/udp6 +/dev/tcp6 +/dev/udp +/dev/tcp +/dev/poll +/dev/rawip +/dev/ticlts +/dev/ticotsord +/dev/ticots +/devices/pseudo/mm@0:zero +/devices/pseudo/mm@0:null +/devices/pseudo/udp6@0:udp6 +/devices/pseudo/tcp6@0:tcp6 +/devices/pseudo/udp@0:udp +/devices/pseudo/tcp@0:tcp +/devices/pseudo/poll@0:poll +/devices/pseudo/icmp@0:icmp +/devices/pseudo/tl@0:ticlts +/devices/pseudo/tl@0:ticotsord +/devices/pseudo/tl@0:ticots +/etc/nsswitch.conf +/etc/netconfig +/etc/default/init +/etc/inet/services +/etc/resolv.conf +/etc/services +/usr/lib/ld.so +/usr/lib/ld.so.1 +/usr/lib/sparcv9/straddr.so +/usr/lib/straddr.so +/usr/lib/libintl.so +/usr/lib/libintl.so.1 +/usr/lib/libw.so +/usr/lib/libw.so.1 +/usr/lib/nss_nis.so.1 +/usr/lib/nss_nisplus.so.1 +/usr/lib/nss_dns.so.1 +/usr/lib/nss_files.so.1 +/usr/share/lib/zoneinfo +/var/ld/ld.config +" +for i in $more; do + mkdir -p $QUEUE_DIRECTORY`dirname $i` + (cd / && tar cpf - `echo $i | sed -e 's/^\///'`) | (cd $QUEUE_DIRECTORY && tar xpf -) +done + +exit 0 |