Comment 3 for bug 1885907

Simon Déziel (sdeziel) wrote : Re: [Bug 1885907] Re: Unbound crash with chroot

On 2020-07-03 3:37 a.m., Christian Ehrhardt  wrote:
> Also subscribing Simon who submitted the bug report

I had forgotten about it, thanks for the reminder! I turned the patch
into a merge request [1] which tested fine on Debian/Sid. I'm waiting a
few more days for feedback but will merge it as-is if nobody shows up.
It's been ~3 years already ;)

Until that bug is fixed in Debian then Ubuntu, I think a good workaround
is to instead leverage the namespace features of systemd to achieve
something similar to chroot'ing unbound. Here's a trimmed down example of
this:

  $ cat /etc/systemd/system/unbound.service.d/override.conf
  [Service]
  ReadWritePaths=/var/lib/unbound /run
  PrivateDevices=true
  PrivateTmp=yes
  ProtectSystem=strict
  ProtectHome=true

HTH,
Simon

1: https://salsa.debian.org/dns-team/unbound/-/merge_requests/10
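
An added example, not part of the comment above: a check that the sandboxing directives from the override are actually in effect on the running unit, by comparing `systemctl show` output against the values in the drop-in. The helper name `audit_sandbox`, the variable names and the sample output are constructed for illustration, and it assumes `systemctl show` reports booleans as yes/no.

```shell
#!/bin/sh
# Added example: confirm the drop-in's sandboxing is in effect.
# Live use (after `systemctl daemon-reload` and a restart of unbound):
#   systemctl show unbound.service -p ProtectSystem -p ProtectHome \
#       -p PrivateTmp -p PrivateDevices -p ReadWritePaths | audit_sandbox

# Values expected from the override. Assumption: `systemctl show` prints
# booleans as yes/no, so PrivateDevices=true is reported as "yes".
EXPECTED='ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ReadWritePaths=/var/lib/unbound /run'

# Constructed sample of `systemctl show` output, not captured from a host:
# PrivateTmp did not apply and /run is absent from ReadWritePaths.
SAMPLE_BAD='ProtectSystem=strict
ProtectHome=yes
PrivateTmp=no
PrivateDevices=yes
ReadWritePaths=/var/lib/unbound /etc/unbound'

# audit_sandbox (hypothetical helper): reads Key=Value lines on stdin,
# prints one line per deviation, returns non-zero if any was found.
audit_sandbox() {
    actual=$(cat)
    rc=0
    while IFS= read -r want; do
        key=${want%%=*}
        got=$(printf '%s\n' "$actual" | sed -n "s/^${key}=//p" | head -n 1)
        if [ "$key" = ReadWritePaths ]; then
            # Path list: the unit may add its own entries, so only require
            # that every path from the override is present.
            for p in ${want#*=}; do
                case " $got " in
                    *" $p "*) ;;
                    *) echo "ReadWritePaths: missing $p"; rc=1 ;;
                esac
            done
        elif [ "$got" != "${want#*=}" ]; then
            echo "$key: expected ${want#*=}, got ${got:-<unset>}"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$rc"
}
```

A non-zero exit means the effective unit differs from the override, for example because the drop-in was not reloaded or a later drop-in reset a directive.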