dovecot: Add chroot in container

Dovecot will, by default, have login processes run under a limited
`chroot` environment. However, this broke recently with the update to
Podman 4.4.1 and the removal of implicit `CAP_CHROOT` capabilities.
This commit re-adds these in place.
Alex Palaistras 2023-03-13 11:03:50 +00:00
parent c01eed0761
commit e7e90f0002

@ -11,6 +11,7 @@ SyslogIdentifier=%N
Restart=on-failure Restart=on-failure
Environment=PODMAN_SYSTEMD_UNIT=%n Environment=PODMAN_SYSTEMD_UNIT=%n
ExecStart=/bin/podman run --replace --name %N --net internal --sdnotify=conmon \ ExecStart=/bin/podman run --replace --name %N --net internal --sdnotify=conmon \
--cap-add SYS_CHROOT \
--env-file %E/coreos-home-server/%N/%N.env \ --env-file %E/coreos-home-server/%N/%N.env \
--env-file %E/coreos-home-server/rspamd/rspamd.env \ --env-file %E/coreos-home-server/rspamd/rspamd.env \
--publish 143:143 --publish 993:993 --publish 4190:4190 \ --publish 143:143 --publish 993:993 --publish 4190:4190 \
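
Review bot: The added `--cap-add SYS_CHROOT` line in the `ExecStart` command carries no explanation in the unit file, so a later tidy-up of the container's capabilities could drop it and break Dovecot's chrooted login processes again. A short comment above `ExecStart=` recording that the capability is needed for the login chroot since Podman 4.4.1 would help. The commit message also names the capability `CAP_CHROOT`, while the flag added here is `SYS_CHROOT`; using the same name in both would make the change easier to find later.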