On 1.2.2011, at 9.44, Andreas Pelme wrote:
On 31 jan 2011, at 15:07, Timo Sirainen wrote:
With v2.0 the imap and post-login processes are both created by the dovecot process. So no parent-child relationship between them.
Would it be possible to specify an alternative mail_executable that wraps the imap/pop processes?
Maybe.
I.e. something like:
protocol imap {
  mail_executable = cgroup_wrapper.sh
}
cgroup_wrapper.sh:
#!/bin/sh
# Move this process into the cgroup, then replace the shell with imap
echo $$ > /cgroup/foo/bar/tasks
exec /usr/libexec/dovecot/imap "$@"
Are the privileges dropped before mail_executable is called, or is it done in the mail_executable itself?
If you have virtual users, you can do:
service imap {
  executable = cgroup_wrapper.sh
  user = vmail
  drop_priv_before_exec = yes
}
With system users you can't do that.
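
A fail-closed variant of the wrapper discussed in this thread, added here as an example and not code from either poster or from Dovecot: it refuses to start imap when the process could not be placed in the cgroup. The paths are the thread's placeholders; the `CGROUP_TASKS` and `IMAP_BIN` overrides, the function names and the requirement that the `tasks` file be writable by the user the wrapper runs as (`vmail` when `drop_priv_before_exec = yes`) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults are the thread's placeholder
# paths; the two environment overrides are hypothetical conveniences.
TASKS="${CGROUP_TASKS:-/cgroup/foo/bar/tasks}"
IMAP_BIN="${IMAP_BIN:-/usr/libexec/dovecot/imap}"

# join_cgroup FILE PID: write PID into the cgroup tasks file FILE.
# Return codes: 0 ok, 2 bad PID, 3 FILE missing or not a plain file,
# 4 FILE not writable by the current user, 5 the write itself failed.
join_cgroup() {
    tasks=$1
    pid=$2
    case $pid in
        ''|*[!0-9]*) return 2 ;;
    esac
    # Refuse symlinks in case the wrapper runs with more privilege than imap.
    if [ -L "$tasks" ] || [ ! -f "$tasks" ]; then
        return 3
    fi
    # After drop_priv_before_exec the wrapper is already the mail user,
    # so the cgroup must have been made writable for that user beforehand.
    if [ ! -w "$tasks" ]; then
        return 4
    fi
    printf '%s\n' "$pid" > "$tasks" 2>/dev/null || return 5
    return 0
}

# run_wrapped ARGS...: confine this process, then become imap.
# $$ is the PID that imap keeps after exec, so the membership carries over.
run_wrapped() {
    if ! join_cgroup "$TASKS" "$$"; then
        # Fail closed: an unconfined imap process is worse than none.
        echo "cgroup_wrapper: cannot join $TASKS, not starting imap" >&2
        return 1
    fi
    exec "$IMAP_BIN" "$@"
}

# Only act when installed under the name used in the thread's config.
case ${0##*/} in
    cgroup_wrapper.sh) run_wrapped "$@" || exit 1 ;;
esac
```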