On 17. 02. 21 at 15:27, Thorsten Kukuk wrote:
On Wed, Feb 17, Cristian Rodríguez wrote:
We have better mechanisms now, including extensive sandboxing and namespaces support configurable via systemd unit drop-ins.
And especially for postfix we even have a container :) That's with glibc 2.33 and lmdb working fine without the need for an additional chroot environment.
Actually the newer glibc also causes trouble in containers. We are getting a lot of EPERM errors in TW Docker images running as GitHub Actions. See
https://github.com/yast/yast-ntp-client/pull/166/checks?check_run_id=1922192...
or
https://github.com/yast/yast-samba-server/runs/1922239238#step:5:153

It seems that the new glibc requires a newer kernel; a similar issue was also reported for WSL: https://github.com/microsoft/WSL/issues/6562

There is a patch for Docker (see https://docs.docker.com/engine/release-notes/#security-1) but that means you need Docker >= 20.10.0 which might not be available for all systems or you might not be able to upgrade the Docker host like in the containerized GitHub Actions ... :-(

--
Ladislav Slezák
YaST Developer

SUSE LINUX, s.r.o.
Corso IIa
Křižíkova 148/34
18600 Praha 8