It's possible, but it would require running the container in a privileged mode. It would essentially mitigate any security benefit you get from running the MTA in containers.
I would recommend copying all of these files into a directory in /srv dedicated to the service (in this case the MTA). For example, I would create a directory structure something like:
Then, I would bind mount each of these in. This is what I do for Mediawiki, MySQL, and Wordpress. Sadly, I don't think I've created a GitHub repo to show people how to do it.
Personally, I also run systemd in the container (because I hate reverse engineering startup scripts) and I run the whole thing read-only. IMHO, thisngives me a balance of security and convenience.
If you don't run systemd, you could even run rootless.
Best Regards
Scott M
People,
I want to have a MTA running from a container but is it possible for the
containerised MTA:
1. to deliver mails to users on the host's file system dir (eg
/home/user/Maildir)?
2. to have access to the host's:
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
files for users who are logging in to the host to look at their mails?
Thanks,
Phil.
--
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: phil@pricom.com.au
_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io
_______________________________________________