running in unprivileged containers

18 views
Skip to first unread message

Aleksandar Kostadinov

unread,
Dec 15, 2021, 8:03:10 AM12/15/21
to
Hello,

I would like to run postfix inside an unprivileged container like what one can run in Kubernetes or OpenShift.

The point of the unprivileged container is that processes are started with a random uid and isolated storage, network, etc.

So running inside OpenShift/kubernetes that you don't own but are just a user, you are not allowed to run privileged containers (where root can be used), because that can compromise the whole system if untrusted code is run.

I see old threads like [1] about running unprivileged. And rejection at the time makes sense. But now with all the usage of containers for isolation, for many use cases it is reasonable to run unprivileged.

Would it be possible to reconsider ability to disable security features so that everything can run unprivileged without restricting spawn processes and whatever else is being done by postfix?

Something like OpenSSH where privilege separation can be disabled and one can run just as the current user.

Thank you.

[1] https://groups.google.com/g/mailing.postfix.users/c/9endMsNCREo?pli=1
Reply all
Reply to author
Forward
0 new messages