On 17. 02. 21 at 15:27, Thorsten Kukuk wrote:
On Wed, Feb 17, Cristian Rodríguez wrote:
We have better mechanisms now, including extensive sandboxing and namespaces support configurable via systemd unit drop-ins.
And especially for postfix we even have a container :) That's with glibc 2.33 and lmdb working fine without the need for an additional chroot environment.
Actually, the newer glibc causes trouble in containers too. We are getting a lot of EPERM errors in TW Docker images running as GitHub Actions.
It seems that the new glibc requires a newer kernel; a similar issue was also reported for WSL: https://github.com/microsoft/WSL/issues/6562
There is a patch for Docker (see https://docs.docker.com/engine/release-notes/#security-1), but that means you need Docker >= 20.10.0, which might not be available for all systems, or you might not be able to upgrade the Docker host, like in the containerized GitHub Actions ... :-(