mail_privileged_group setting prevents core dumps - mention it in logging.

--HG--
branch : HEAD

diff --git a/src/master/child-process.c b/src/master/child-process.c
index 642ed3d8a1d8d2d0a89cf7e381bdff8f3b4295d7..c80c59352b4e1e3b35a72423f2d68c6353b3d429 100644 (file)
--- a/src/master/child-process.c
+++ b/src/master/child-process.c
@@ -162,6 +162,10 @@ log_coredump(string_t *str, enum process_type process_type, int status)
                        str_append(str, " (core not dumped - set mail_drop_priv_before_exec=yes)");
                        return;
                }
+               if (*settings_root->defaults->mail_privileged_group != '\0') {
+                       str_append(str, " (core not dumped - mail_privileged_group prevented it)");
+                       return;
+               }
 #endif
                str_append(str, " (core not dumped - is home dir set?)");
                return;

diff --git a/src/master/mail-process.c b/src/master/mail-process.c
index 372d3934778127a5dd9c28311228ae89f4da92dd..3c37f140118a5af9d1c078ed4ba47dd323fef409 100644 (file)
--- a/src/master/mail-process.c
+++ b/src/master/mail-process.c
@@ -905,8 +905,9 @@ create_mail_process(enum process_type process_type, struct settings *set,
        if (set->mail_drop_priv_before_exec) {
                restrict_access_by_env(TRUE);
                /* privileged GID is now only in saved-GID. if we want to
-                  preserve it accross exec, it needs to be temporarily
-                  in effective gid */
+                  preserve it across exec, it needs to be temporarily
+                  in effective gid. unfortunately this also causes kernel
+                  to think we're a setgid-program. */
                restrict_access_use_priv_gid();
        }