This is a hard limit built into the OpenLDAP library that
causes requests to fail when the number of open read
transactions exceeds the limit. When this happens the LMDB
- client logs a MDB_READERS_FULL warning and continues with
+ client logs an MDB_READERS_FULL warning and continues with
reduced performance. Files: util/dict_lmdb.c, util/dict_lmdb.h,
global/mail_params.h, global/mail_params.c, proto/postconf.proto,
proto/LMDB_README.html.
+
+20130929
+
+ Security violation: LMDB opens files with read/write access
+ for lock management purposes. This gives unprivileged
+ daemon processes read/write file handles for root-owned
+ files under /etc/postfix. This also breaks when a non-root
+ process needs to access a root-owned database. Even if
+ LMDB lock files were world-writable, and kept in a dedicated
+ directory, they would still violate the principle of least
+ privilege. For all these reasons, support to create LMDB
+ files is removed from the postmap and postalias commands.
+ LMDB files can still be created by unprivileged Postfix
+ daemon processes under the postfix-owned data_directory.
+ Files: proto/LMDB_README.html, global/mkmap.c.
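Review bot: The 20130929 entry documents only the LMDB change, and its Files: line names proto/LMDB_README.html and global/mkmap.c; the -DNO_NISPLUS build option that the same patch introduces has no entry in the lines shown here. Add a short entry for it with its own file list so that the build change can be traced from the change log.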
|| |known to support it. |
|_\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
|| |Do not build with NIS or NISPLUS support. NIS |
-||-DNO_NIS |is not available on some recent Linux or |
-|| |Solaris distributions. |
+||-DNO_NIS |is not available on some recent Linux |
+|| |distributions. |
+|_\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
+|| |Do not build with NISPLUS support. NISPLUS is |
+||-DNO_NISPLUS |not available on some recent Solaris |
+|| |distributions. |
|_\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
|| |Do not build with PCRE support. By default, |
||-DNO_PCRE |PCRE support is compiled in when the pcre- |
I\bIn\bnt\btr\bro\bod\bdu\buc\bct\bti\bio\bon\bn
+ Warning: LMDB applications require write access even when the application
+ itself is read-only. This violates the principle of least privilege, and
+ causes all kinds of problems when a non-root process needs to query a root-
+ owned database such as access(5), virtual(5), or transport(5).
+
+ Support to create LMDB databases is no longer available for the postmap(1)
+ and postalias(1) commands. Instead, consider using cdb: to manage root-
+ owned databases under the root-owned config_directory (default: /etc/
+ postfix) such as access(5), virtual(5), or transport(5).
+
+ Support to create LMDB databases is available only for unprivileged Postfix
+ daemon processes such as postscreen(8), tlsmgr(8) and verify(8) that manage
+ postfix-owned databases under the postfix-owned data_directory (default: /
+ var/lib/postfix).
+
Postfix uses databases of various kinds to store and look up information.
Postfix databases are specified as "type:name". OpenLDAP LMDB implements the
Postfix database type "lmdb". The name of a Postfix OpenLDAP LMDB database is
-the name of the database file without the ".lmdb" suffix. OpenLDAP LMDB
-databases are maintained with the postmap(1) and postalias(1) commands.
+the name of the database file without the ".lmdb" suffix.
This document describes:
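Review bot: With the sentence "OpenLDAP LMDB databases are maintained with the postmap(1) and postalias(1) commands" removed, the introduction no longer says which postmap(1) operations still work on an lmdb: table. The new warning covers creation only. Add a sentence stating whether queries against an existing lmdb: file remain supported, since the write-access requirement described in the warning applies to read-only applications as well.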
As documented below, conversion to LMDB introduces a number of failure modes
that don't exist with other Postfix databases. Some failure modes have been
-eliminated on the course of time. The writeup below reflects the status as of
+eliminated in the course of time. The writeup below reflects the status as of
of LMDB 0.9.8.
+U\bUn\bne\bex\bxp\bpe\bec\bct\bte\bed\bd "\b"P\bPe\ber\brm\bmi\bis\bss\bsi\bio\bon\bn d\bde\ben\bni\bie\bed\bd"\b" e\ber\brr\bro\bor\brs\bs.\b.
+
+Problem:
+ A world-readable LMDB database cannot be opened by a process with a UID
+ that differs from the database file owner, even when an attempt is made to
+ open the database read-only. This problem does not exist with other Postfix
+ databases.
+
+Background:
+ The LMDB implementation requires write access to maintain read locks, and
+ perhaps for other purposes.
+
+Solution:
+ Consider using cdb: to manage root-owned databases under the root-owned /
+ etc or config_directory (default: /etc/postfix) such as access(5), virtual
+ (5), transport(5). Support to create LMDB databases is available only for
+ unprivileged Postfix daemon processes such as postscreen(8), tlsmgr(8) and
+ verify(8) that manage postfix-owned databases under the postfix-owned
+ data_directory (default: /var/lib/postfix).
+
U\bUn\bne\bex\bxp\bpe\bec\bct\bte\bed\bd "\b"r\bre\bea\bad\bde\ber\brs\bs f\bfu\bul\bll\bl"\b" e\ber\brr\bro\bor\brs\bs.\b.
Problem:
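Review bot: The Background text "requires write access to maintain read locks, and perhaps for other purposes" is vaguer than the code comment added to the mkmap table in this same patch, which states that LMDB readers open the LMDB lock file O_RDWR. State that mechanism here so an administrator who sees "Permission denied" knows which open needs write access, and drop "perhaps for other purposes" unless a second cause is known.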
Background:
The LMDB implementation enforces a hard limit on the number of simultaneous
read requests for the same database environment. This limit must be
- specified with the lmdb_max_readers configuration parameter.
+ specified in advance with the lmdb_max_readers configuration parameter.
Mitigation:
Postfix logs a warning suggesting that the lmdb_max_readers parameter value
times while running with reduced performance.
Prevention:
- Monitor your LMDB files for MDB_READERS_FULL errors and make the necessary
- adjustments. Consider using CDB for read-mostly databases.
+ Monitor your LMDB files for MDB_READERS_FULL errors. After making the
+ necessary adjustments, restart Postfix.
-N\bNo\bon\bn-\b-o\bob\bbv\bvi\bio\bou\bus\bs r\bre\bec\bco\bov\bve\ber\bry\by w\bwi\bit\bth\bh p\bpo\bos\bst\btm\bma\bap\bp(\b(1\b1)\b)/\b/p\bpo\bos\bst\bta\bal\bli\bia\bas\bs(\b(1\b1)\b)/\b/t\btl\bls\bsm\bmg\bgr\br(\b(8\b8)\b) f\bfr\bro\bom\bm a\ba c\bco\bor\brr\bru\bup\bpt\bte\bed\bd
-d\bda\bat\bta\bab\bba\bas\bse\be.\b.
+N\bNo\bon\bn-\b-o\bob\bbv\bvi\bio\bou\bus\bs r\bre\bec\bco\bov\bve\ber\bry\by w\bwi\bit\bth\bh p\bpo\bos\bst\bts\bsc\bcr\bre\bee\ben\bn(\b(8\b8)\b),\b, t\btl\bls\bsm\bmg\bgr\br(\b(8\b8)\b),\b, o\bor\br v\bve\ber\bri\bif\bfy\by(\b(8\b8)\b) f\bfr\bro\bom\bm a\ba
+c\bco\bor\brr\bru\bup\bpt\bte\bed\bd d\bda\bat\bta\bab\bba\bas\bse\be.\b.
Problem:
- You cannot rebuild a corrupted LMDB database simply by re-running postmap
- (1) or postalias(1), or by waiting until the tlsmgr(8) daemon restarts.
- This problem does not exist with other Postfix databases.
+ You cannot rebuild a corrupted LMDB database simply by waiting until a
+ daemon restarts. This problem does not exist with other Postfix databases.
Background:
The Postfix LMDB database client does not truncate the database file.
Postfix does not process mail until someone fixes the problem.
Recovery:
- First delete the ".lmdb" file by hand. Then, rebuild the file with the
- postmap(1) or postalias(1) command, or wait until the tlsmgr(8) daemon
- restarts.
+ First delete the ".lmdb" file by hand. Then, restart postfix.
Prevention:
Arrange your file systems such that they never run out of free space.
If you upgrade from Postfix 2.9 or earlier, read RELEASE_NOTES-2.10
before proceeding.
+Major changes with snapshot 20130929
+====================================
+
+Support to create LMDB databases is no longer available for the
+postmap(1) and postalias(1) commands. Instead, consider using cdb:
+to manage root-owned databases under the root-owned config_directory
+(default: /etc/postfix) such as access(5), virtual(5), transport(5).
+
+The reason is that LMDB applications require write access even when
+the application itself is read-only. This violates the principle
+of least privilege, and causes all kinds of problems when a non-root
+process needs to query a root-owned database.
+
+Support to create LMDB databases is available only for unprivileged
+Postfix daemon processes such as postscreen(8), tlsmgr(8) and
+verify(8) that manage postfix-owned databases under the postfix-owned
+data_directory (default: /var/lib/postfix).
+
Major changes with snapshot 20130927
====================================
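Review bot: The note tells administrators to consider cdb: but not what they will see if they keep running postmap(1) or postalias(1) on an lmdb: table. State the new failure, "unsupported map type for this operation", and that existing root-owned lmdb: tables can no longer be updated with these commands, so the upgrade does not surface as an unexplained fatal error.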
</td> </tr>
<tr> <td> </td> <td> -DNO_NIS </td> <td> Do not build with NIS or
-NISPLUS support. NIS is not available on some recent Linux or Solaris
+NISPLUS support. NIS is not available on some recent Linux
+distributions. </td> </tr>
+
+<tr> <td> </td> <td> -DNO_NISPLUS </td> <td> Do not build with
+NISPLUS support. NISPLUS is not available on some recent Solaris
distributions. </td> </tr>
<tr> <td> </td> <td> -DNO_PCRE </td> <td> Do not build with PCRE
<h2>Introduction</h2>
+<blockquote> <p> Warning: LMDB applications require write access
+even when the application itself is read-only. This violates the
+principle of least privilege, and causes all kinds of problems
+when a non-root process needs to query a root-owned database such
+as <a href="access.5.html">access(5)</a>, <a href="virtual.5.html">virtual(5)</a>, or <a href="transport.5.html">transport(5)</a>. </p>
+
+<p> Support to create LMDB databases is no longer available for the
+<a href="postmap.1.html">postmap(1)</a> and <a href="postalias.1.html">postalias(1)</a> commands. Instead, consider using <a href="CDB_README.html">cdb</a>:
+to manage root-owned databases under the root-owned <a href="postconf.5.html#config_directory">config_directory</a>
+(default: <tt>/etc/postfix</tt>) such as <a href="access.5.html">access(5)</a>, <a href="virtual.5.html">virtual(5)</a>, or
+<a href="transport.5.html">transport(5)</a>. </p>
+
+<p> Support to create LMDB databases is available only for unprivileged
+Postfix daemon processes such as <a href="postscreen.8.html">postscreen(8)</a>, <a href="tlsmgr.8.html">tlsmgr(8)</a> and
+<a href="verify.8.html">verify(8)</a> that manage postfix-owned databases under the postfix-owned
+<a href="postconf.5.html#data_directory">data_directory</a> (default: <tt>/var/lib/postfix</tt>). </p> </blockquote>
+
<p> Postfix uses databases of various kinds to store and look up
information. Postfix databases are specified as "type:name".
OpenLDAP LMDB implements the Postfix database type "lmdb".
The name of a Postfix OpenLDAP LMDB database is the name
-of the database file without the ".lmdb" suffix. OpenLDAP LMDB databases
-are maintained with the <a href="postmap.1.html">postmap(1)</a> and <a href="postalias.1.html">postalias(1)</a> commands. </p>
+of the database file without the ".lmdb" suffix. </p>
<p> This document describes: </p>
<p> As documented below, conversion to LMDB introduces a number of
failure modes that don't exist with other Postfix databases. Some
-failure modes have been eliminated on the course of time.
+failure modes have been eliminated in the course of time.
The writeup below reflects the status as of of LMDB 0.9.8. </p>
+<p> <strong>Unexpected "Permission denied" errors. </strong></p>
+
+<dl>
+
+<dt> Problem: </dt> <dd> <p> A world-readable LMDB database cannot
+be opened by a process with a UID that differs from the database
+file owner, even when an attempt is made to open the database
+read-only. This problem does not exist with other Postfix databases.
+</p> </dd>
+
+<dt> Background: </dt> <dd> <p> The LMDB implementation requires
+write access to maintain read locks, and perhaps for other purposes.
+</p> </dd>
+
+<dt> Solution: </dt> <dd> <p> Consider using <a href="CDB_README.html">cdb</a>: to manage root-owned
+databases under the root-owned <tt>/etc</tt> or <a href="postconf.5.html#config_directory">config_directory</a>
+(default: <tt>/etc/postfix</tt>) such as <a href="access.5.html">access(5)</a>, <a href="virtual.5.html">virtual(5)</a>,
+<a href="transport.5.html">transport(5)</a>. Support to create LMDB databases is available only
+for unprivileged Postfix daemon processes such as <a href="postscreen.8.html">postscreen(8)</a>,
+<a href="tlsmgr.8.html">tlsmgr(8)</a> and <a href="verify.8.html">verify(8)</a> that manage postfix-owned databases under
+the postfix-owned <a href="postconf.5.html#data_directory">data_directory</a> (default: <tt>/var/lib/postfix</tt>).
+</p> </dd>
+
+</dl>
+
<p> <strong>Unexpected "readers full" errors. </strong></p>
<dl>
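Review bot: The context line "The writeup below reflects the status as of of LMDB 0.9.8." still has a doubled "of", right next to the "on the course" to "in the course" correction in this hunk. Fix it in the same pass. In the Solution text, the list "access(5), virtual(5), transport(5)" also lacks the "or" that the Introduction warning uses for the same list.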
<dt> Background: </dt> <dd> <p> The LMDB implementation enforces a
hard limit on the number of simultaneous read requests for the same
-database environment. This limit must be specified with the
-<a href="postconf.5.html#lmdb_max_readers">lmdb_max_readers</a> configuration parameter. </p> </dd>
+database environment. This limit must be specified in advance with
+the <a href="postconf.5.html#lmdb_max_readers">lmdb_max_readers</a> configuration parameter. </p> </dd>
<dt> Mitigation: </dt> <dd> <p> Postfix logs a warning suggesting
that the <a href="postconf.5.html#lmdb_max_readers">lmdb_max_readers</a> parameter value be increased, and retries
with reduced performance. </p> </dd>
<dt> Prevention: </dt> <dd> <p> Monitor your LMDB files for
-MDB_READERS_FULL errors and make the necessary adjustments.
-Consider using CDB for read-mostly databases. </p> </dd> </dl>
+MDB_READERS_FULL errors. After making the necessary adjustments,
+restart Postfix. </p> </dd>
+
+</dl>
<!--
-->
-<p> <strong>Non-obvious recovery with <a href="postmap.1.html">postmap(1)</a>/<a href="postalias.1.html">postalias(1)</a>/<a href="tlsmgr.8.html">tlsmgr(8)</a>
-from a corrupted database. </strong></p>
+<p> <strong>Non-obvious recovery with <!-- <a href="postmap.1.html">postmap(1)</a>, <a href="postalias.1.html">postalias(1)</a>, -->
+<a href="postscreen.8.html">postscreen(8)</a>, <a href="tlsmgr.8.html">tlsmgr(8)</a>, or <a href="verify.8.html">verify(8)</a> from a corrupted database.
+</strong></p>
<dl>
<dt> Problem: </dt> <dd> <p> You cannot rebuild a corrupted LMDB
-database simply by re-running <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a>, or by
-waiting until the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon restarts. This problem
-does not exist with other Postfix databases. </p> </dd>
+database simply by <!-- re-running <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a>, or
+by --> waiting until a daemon restarts. This problem does not exist
+with other Postfix databases. </p> </dd>
<dt> Background: </dt> <dd> <p> The Postfix LMDB database client
does not truncate the database file. Instead it attempts to create
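Review bot: "Monitor your LMDB files for MDB_READERS_FULL errors" in the Prevention text points at the wrong place: per the Mitigation text the condition is reported as a logged warning, so the thing to monitor is the log, not the database files. Reword accordingly, and name the adjustment that is meant (raising lmdb_max_readers), since the instruction to restart Postfix only makes sense once that parameter has been changed.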
someone fixes the problem. </p> </dd>
<dt> Recovery: </dt> <dd> <p> First delete the ".lmdb" file by hand.
-Then, rebuild the file with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> command,
-or wait until the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon restarts. </p>
-</dd>
+Then, <!-- rebuild the file with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a>
+command if the file was created with those commands, or --> restart
+postfix. <!-- daemons if the file is maintained by daemon processes.
+--> </p> </dd>
-<dt> Prevention: </dt> <dd>
+<dt> Prevention: </dt> <dd>
<p> Arrange your file systems such that they never run out of free
space. </p>
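Review bot: The Recovery text disables the old postmap(1)/postalias(1) wording with HTML comments instead of deleting it, as the heading and Problem text above it also do, which leaves stale links in the page source and fragments such as "postfix. <!-- daemons if the file is maintained by daemon processes. -->". Remove the commented-out text outright. Also write "restart Postfix" here to match the capitalisation used in the Prevention text of the "readers full" section.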
# are known to support it.
# .IP \fB-DNO_NIS\fR
# Do not build with NIS or NISPLUS support. Support for NIS
-# is unavailable on some recent Linux and Solaris distributions.
+# is unavailable on some recent Linux distributions.
+# .IP \fB-DNO_NISPLUS\fR
+# Do not build with NISPLUS support. Support for NISPLUS
+# is unavailable on some recent Solaris distributions.
# .IP \fB-DNO_PCRE\fR
# Do not build with PCRE support.
# By default, PCRE support is compiled in when the \fBpcre-config\fR
case $RELEASE in
5.[0-8]|5.[0-8].*) CCARGS="$CCARGS -DNO_CLOSEFROM -DNO_DEV_URANDOM -DNO_FUTIMESAT -DSTREAM_CONNECTIONS";;
esac
+ # Somewhere NISPLUS went away.
+ case $RELEASE in
+ 5.[0-9][0-9]*) CCARGS="$CCARGS -DNO_NISPLUS";;
+ esac
# Work around broken str*casecmp(). Do it all here instead
# of having half the solution in the sys_defs.h file.
CCARGS="$CCARGS -Dstrcasecmp=fix_strcasecmp \
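Review bot: The pattern 5.[0-9][0-9]* adds -DNO_NISPLUS for every release with a two-digit minor number, 5.10 included, while the comment "Somewhere NISPLUS went away" admits that the cut-off release is not known. If any 5.1x release still ships NIS+, this unconditionally drops NISPLUS support there. Either narrow the pattern to the first release known to lack NIS+ and name that release in the comment, or probe for the NIS+ header instead of matching on $RELEASE.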
</td> </tr>
<tr> <td> </td> <td> -DNO_NIS </td> <td> Do not build with NIS or
-NISPLUS support. NIS is not available on some recent Linux or Solaris
+NISPLUS support. NIS is not available on some recent Linux
+distributions. </td> </tr>
+
+<tr> <td> </td> <td> -DNO_NISPLUS </td> <td> Do not build with
+NISPLUS support. NISPLUS is not available on some recent Solaris
distributions. </td> </tr>
<tr> <td> </td> <td> -DNO_PCRE </td> <td> Do not build with PCRE
<h2>Introduction</h2>
+<blockquote> <p> Warning: LMDB applications require write access
+even when the application itself is read-only. This violates the
+principle of least privilege, and causes all kinds of problems
+when a non-root process needs to query a root-owned database such
+as access(5), virtual(5), or transport(5). </p>
+
+<p> Support to create LMDB databases is no longer available for the
+postmap(1) and postalias(1) commands. Instead, consider using cdb:
+to manage root-owned databases under the root-owned config_directory
+(default: <tt>/etc/postfix</tt>) such as access(5), virtual(5), or
+transport(5). </p>
+
+<p> Support to create LMDB databases is available only for unprivileged
+Postfix daemon processes such as postscreen(8), tlsmgr(8) and
+verify(8) that manage postfix-owned databases under the postfix-owned
+data_directory (default: <tt>/var/lib/postfix</tt>). </p> </blockquote>
+
<p> Postfix uses databases of various kinds to store and look up
information. Postfix databases are specified as "type:name".
OpenLDAP LMDB implements the Postfix database type "lmdb".
The name of a Postfix OpenLDAP LMDB database is the name
-of the database file without the ".lmdb" suffix. OpenLDAP LMDB databases
-are maintained with the postmap(1) and postalias(1) commands. </p>
+of the database file without the ".lmdb" suffix. </p>
<p> This document describes: </p>
<p> As documented below, conversion to LMDB introduces a number of
failure modes that don't exist with other Postfix databases. Some
-failure modes have been eliminated on the course of time.
+failure modes have been eliminated in the course of time.
The writeup below reflects the status as of of LMDB 0.9.8. </p>
+<p> <strong>Unexpected "Permission denied" errors. </strong></p>
+
+<dl>
+
+<dt> Problem: </dt> <dd> <p> A world-readable LMDB database cannot
+be opened by a process with a UID that differs from the database
+file owner, even when an attempt is made to open the database
+read-only. This problem does not exist with other Postfix databases.
+</p> </dd>
+
+<dt> Background: </dt> <dd> <p> The LMDB implementation requires
+write access to maintain read locks, and perhaps for other purposes.
+</p> </dd>
+
+<dt> Solution: </dt> <dd> <p> Consider using cdb: to manage root-owned
+databases under the root-owned <tt>/etc</tt> or config_directory
+(default: <tt>/etc/postfix</tt>) such as access(5), virtual(5),
+transport(5). Support to create LMDB databases is available only
+for unprivileged Postfix daemon processes such as postscreen(8),
+tlsmgr(8) and verify(8) that manage postfix-owned databases under
+the postfix-owned data_directory (default: <tt>/var/lib/postfix</tt>).
+</p> </dd>
+
+</dl>
+
<p> <strong>Unexpected "readers full" errors. </strong></p>
<dl>
<dt> Background: </dt> <dd> <p> The LMDB implementation enforces a
hard limit on the number of simultaneous read requests for the same
-database environment. This limit must be specified with the
-lmdb_max_readers configuration parameter. </p> </dd>
+database environment. This limit must be specified in advance with
+the lmdb_max_readers configuration parameter. </p> </dd>
<dt> Mitigation: </dt> <dd> <p> Postfix logs a warning suggesting
that the lmdb_max_readers parameter value be increased, and retries
with reduced performance. </p> </dd>
<dt> Prevention: </dt> <dd> <p> Monitor your LMDB files for
-MDB_READERS_FULL errors and make the necessary adjustments.
-Consider using CDB for read-mostly databases. </p> </dd> </dl>
+MDB_READERS_FULL errors. After making the necessary adjustments,
+restart Postfix. </p> </dd>
+
+</dl>
<!--
-->
-<p> <strong>Non-obvious recovery with postmap(1)/postalias(1)/tlsmgr(8)
-from a corrupted database. </strong></p>
+<p> <strong>Non-obvious recovery with <!-- postmap(1), postalias(1), -->
+postscreen(8), tlsmgr(8), or verify(8) from a corrupted database.
+</strong></p>
<dl>
<dt> Problem: </dt> <dd> <p> You cannot rebuild a corrupted LMDB
-database simply by re-running postmap(1) or postalias(1), or by
-waiting until the tlsmgr(8) daemon restarts. This problem
-does not exist with other Postfix databases. </p> </dd>
+database simply by <!-- re-running postmap(1) or postalias(1), or
+by --> waiting until a daemon restarts. This problem does not exist
+with other Postfix databases. </p> </dd>
<dt> Background: </dt> <dd> <p> The Postfix LMDB database client
does not truncate the database file. Instead it attempts to create
someone fixes the problem. </p> </dd>
<dt> Recovery: </dt> <dd> <p> First delete the ".lmdb" file by hand.
-Then, rebuild the file with the postmap(1) or postalias(1) command,
-or wait until the tlsmgr(8) daemon restarts. </p>
-</dd>
+Then, <!-- rebuild the file with the postmap(1) or postalias(1)
+command if the file was created with those commands, or --> restart
+postfix. <!-- daemons if the file is maintained by daemon processes.
+--> </p> </dd>
-<dt> Prevention: </dt> <dd>
+<dt> Prevention: </dt> <dd>
<p> Arrange your file systems such that they never run out of free
space. </p>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20130928"
+#define MAIL_RELEASE_DATE "20130929"
#define MAIL_VERSION_NUMBER "2.11"
#ifdef SNAPSHOT
DICT_TYPE_HASH, mkmap_hash_open,
DICT_TYPE_BTREE, mkmap_btree_open,
#endif
-#ifdef HAS_LMDB
+
+ /*
+ * LMDB readers open the LMDB lock file O_RDWR. This complicates
+ * database sharing between processes that run with different effective
+ * UIDs.
+ *
+ * For example, this violates the Postfix security model as it passes a
+ * read-write file handle for a root-owned file under /etc/postfix into a
+ * non-root daemon process.
+ *
+ * This also totally breaks non-root access for root-owned databases by
+ * non-daemon processes.
+ *
+ * Even if LMDB lock files were kept under /tmp or /var/run, those files
+ * would still have to be world-writable, and that would still violate
+ * the principle of least privilege.
+ *
+ * For all these reasons, LMDB is supported only for caches that are
+ * maintained by non-root daemon processes such as postscreen(8),
+ * tlsmgr(8) or verify(8). All the effort to recover from bogus LMDB
+ * errors was good for something.
+ */
+#ifdef notdef
DICT_TYPE_LMDB, mkmap_lmdb_open,
#endif
DICT_TYPE_FAIL, mkmap_fail_open,
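Review bot: Replacing #ifdef HAS_LMDB with #ifdef notdef disables the table entry by relying on a macro name that is assumed never to be defined, and it decouples the entry from HAS_LMDB, so a build that defines notdef without LMDB support would reference mkmap_lmdb_open. Delete the DICT_TYPE_LMDB line, or guard it with an explicitly named macro nested inside HAS_LMDB. The block comment also says LMDB "is supported only for caches that are maintained by non-root daemon processes", while this table governs map creation; say that this is the entry postmap(1) and postalias(1) depend on, so the scope of the restriction is clear from the code.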
*/
for (mp = mkmap_types; /* void */ ; mp++) {
if (mp->type == 0)
- msg_fatal("unsupported map type: %s", type);
+ msg_fatal("unsupported map type for this operation: %s", type);
if (strcmp(type, mp->type) == 0)
break;
}
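Review bot: "unsupported map type for this operation: %s" is now the only message a user gets for the deliberately disabled lmdb type as well as for a mistyped one, and it says neither why nor what to use instead. Since the lmdb case is a policy decision explained at length in the table comment, consider a dedicated check for DICT_TYPE_LMDB before the loop that reports the restriction and points to LMDB_README.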
#define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/mail/aliases"
#ifndef NO_NIS
#define HAS_NIS
+#ifndef NO_NISPLUS
#define HAS_NISPLUS
+#endif /* NO_NISPLUS */
#endif
#define USE_SYS_SOCKIO_H /* Solaris 2.5, changed sys/ioctl.h */
#define GETTIMEOFDAY(t) gettimeofday(t)
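Review bot: The new #endif carries a /* NO_NISPLUS */ comment but the enclosing #endif for NO_NIS stays bare, which makes the nesting harder to read now that there are two levels. Annotate it as #endif /* NO_NIS */. The nesting also means -DNO_NIS still removes NISPLUS, which matches the -DNO_NIS description in the build documentation; a one-line comment saying that this is intentional would help.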