I'm using the postfix included with NetBSD-2.0.2 (2.0.19, isn't it?).

I'm looking at running some of the postfix daemons under chroot.  I
notice that in /etc/rc.d/postfix , postfix_precmd() copies localtime,
resolv.conf, and services from /etc to /var/spool/postfix/etc, which
is nice. However, as seen here:

http://www.postfix.org/INSTALL.html#hamlet

copying those files is not quite enough.  Syslogd has to be configured
to create a log socket inside the chroot directory or some of the
postfix daemons may stop logging if syslogd is restarted (This is what
I understand from reading some mailing list archives, please correct
me if I am wrong.)

I see that in /etc/rc.d/syslogd, syslogd_precmd looks for rc.d scripts
that have the 'chrootdir' keyword set to figure out which sockets it
will create.  This is how ntpd_chrootdir and named_chrootdir work,
right?

/etc/rc.d/postfix doesn't have the chrootdir keyword, so setting
postfix_chrootdir doesn't work.  I added

KEYWORD: chrootdir=20

to /etc/rc.d/postfix and added

postfix_chrootdir=3D"/var/spool/postfix"

to rc.conf.  Restarting syslogd, it seems to create
/var/spool/postfix/var/run/log just fine.  Are there any problems with
what I have done?  Off the top of my head, postfix_chrootdir doesn't
work like ntpd_chrootdir or named_chrootdir because postfix's
master.cf still needs to be edited in order to run the daemons under
chroot.  Since it doesn't "just work," I guess it is not appropriate?

I'm also thinking about just adding to syslogd_flags in rc.conf, since
that works just as well, even if it does not take advantage of
/etc/rc.d/syslogd's magic.  I also figure I am less likely to
accidentally wipe out changes to rc.conf than a script under
/etc/rc.d/*

What do you guys think?