On 2020-07-03 3:37 a.m., Christian Ehrhardt wrote:
> Also subscribing Simon who submitted the bug report
I had forgotten about it, thanks for the reminder! I turned the patch
into a merge request [1] which tested fine on Debian/Sid. I'm waiting a
few more days for feedback but will merge it as-is if nobody shows up.
It's been ~3 years already ;)
Until that bug is fixed in Debian then Ubuntu, I think a good workaround
is to instead leverage the namespace features of systemd to achieve
something similar to chroot'ing unbound. Here's a trimmed down example of
this:
$ cat /etc/systemd/system/unbound.service.d/override.conf
[Service]
ReadWritePaths=/var/lib/unbound /run
PrivateDevices=true
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=true
HTH,
Simon
1: https://salsa.debian.org/dns-team/unbound/-/merge_requests/10
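
Added example (not part of Simon's message or of the Debian packaging): a shell check that the sandbox settings from the drop-in above are the ones systemd actually applied, reading `systemctl show` output on stdin. The function name `check_sandbox` and the two sample inputs are constructed for illustration; booleans are compared in the yes/no form that `systemctl show` prints.

```shell
# Added example. Reads Key=Value lines as printed by `systemctl show`, prints
# each deviation from the drop-in, and returns non-zero if any is found.
check_sandbox() {
    awk '
        BEGIN {
            # Expected values in the form systemctl show prints (yes/no booleans).
            want["PrivateDevices"] = "yes"; want["PrivateTmp"] = "yes"
            want["ProtectSystem"] = "strict"; want["ProtectHome"] = "yes"
            # Only these paths should stay writable under ProtectSystem=strict.
            allowed["/var/lib/unbound"] = 1; allowed["/run"] = 1
        }
        {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            seen[key] = 1
        }
        (key in want) && val != want[key] {
            printf "WEAK %s=%s (expected %s)\n", key, val, want[key]; bad = 1
        }
        key == "ReadWritePaths" {
            n = split(val, p, " ")
            for (i = 1; i <= n; i++) {
                path = p[i]
                sub(/^[-+]+/, "", path)   # drop systemd "-" / "+" path prefixes
                if (!(path in allowed)) {
                    printf "EXTRA writable path %s\n", path; bad = 1
                }
            }
        }
        END {
            for (k in want) if (!(k in seen)) { printf "MISSING %s\n", k; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample inputs (not captured from a real host).
sample_hardened() {
    printf '%s\n' 'ReadWritePaths=/var/lib/unbound /run' 'PrivateDevices=yes' \
        'PrivateTmp=yes' 'ProtectSystem=strict' 'ProtectHome=yes'
}
sample_weak() {
    printf '%s\n' 'ReadWritePaths=/var/lib/unbound /run /etc' \
        'PrivateDevices=yes' 'PrivateTmp=yes' 'ProtectSystem=full'
}

# On a live host:
#   systemctl show unbound.service \
#     -p ReadWritePaths,PrivateDevices,PrivateTmp,ProtectSystem,ProtectHome | check_sandbox
```

Run it after `systemctl daemon-reload` and a restart of unbound, so the values shown are the ones in effect for the running service.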