[Dovecot] cgroup support
Timo Sirainen
tss at iki.fi
Tue Feb 1 17:04:46 EET 2011
On 1.2.2011, at 9.44, Andreas Pelme wrote:
> On 31 jan 2011, at 15:07, Timo Sirainen wrote:
>> With v2.0 the imap and post-login processes are both created by the dovecot process. So no parent-child relationship between them.
>
> Would it be possible to specify an alternative mail_executable that wraps the imap/pop processes?
Maybe.
> I.e. something like:
>
> protocol imap { mail_executable = cgroup_wrapper.sh }
>
> cgroup_wrapper.sh:
> #!/bin/sh
> echo $$ > /cgroup/foo/bar/tasks
> exec /usr/libexec/dovecot/imap $*
>
> Is the privileges dropped before mail_executable is called, or is it done in the mail_executable itself?
If you have virtual users, you can do:
service imap {
executable = cgroup_wrapper.sh
user = vmail
drop_priv_before_exec = yes
}
With system users you can't do that.
More information about the dovecot
mailing list