[Pkg-dns-devel] Bug#790392: Bug#790392: unbound chroot accumulates old files

Robert Edmonds edmonds at debian.org
Sun Jan 31 03:26:20 UTC 2016


Hi, Simon:

Simon Deziel wrote:
> What do you think of the 2nd version of the proposed fix
> (unbound-fresh-chroot-2.patch)?

This version of the patch will read from any *.conf file in
/etc/unbound, which could easily not be part of the active config, e.g.:

    /etc/unbound/unbound-bad.conf

    /etc/unbound/unbound.conf.d.bak/chroot.conf

Or the admin could simply delete the 'include' directive in the default
/etc/unbound/unbound.conf file, in which case we shouldn't be looking at
any /etc/unbound/unbound.conf.d/*.conf files at all.

The awk/find/sed/etc. code that you use to try to find the chroot
directory makes me uncomfortable.  It seems that if we need to find the
configured chroot directory, we should be fixing unbound-checkconf so
that we can use the Unbound config parser itself to tell us where the
chroot directory is, rather than trying to implement an ad hoc config
parser in shell.

> If we could resolve this chroot'ing problem, Ubuntu, which turns off
> chroot by default, would be more comfortable to drop part of their delta
> with Debian.

What delta is there in Ubuntu?  I'm looking at the unbound
1.5.7-1ubuntu1 source package and the only change I see is to disable
dnstap support.

-- 
Robert Edmonds
edmonds at debian.org
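
The mismatch described in the message above, as an added example that is not part of the original e-mail or of the proposed patch: a constructed tree with the two paths named there, comparing a blanket `*.conf` search with the files the main config actually includes. `glob_candidates`, `active_files`, `stray_files` and `make_demo_tree` are hypothetical helpers; `active_files` follows one level of `include:` only to make the gap visible and is not a substitute for Unbound's own parser.

```shell
#!/bin/sh
# Constructed demo: which *.conf files would a blanket search read that the
# active Unbound configuration never loads?

# Blanket search: every *.conf file below directory $1.
glob_candidates() {
    find "$1" -type f -name '*.conf' | LC_ALL=C sort
}

# Illustration only, not Unbound's parser: print $1 plus the files matched by
# its uncommented 'include:' lines (one level; paths without spaces assumed).
active_files() {
    printf '%s\n' "$1"
    sed -n 's/^[[:space:]]*include:[[:space:]]*//p' "$1" | tr -d '"' |
    while read -r pattern; do
        for f in $pattern; do          # unquoted so the wildcard expands
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
}

# Files under $1 that the blanket search reads but main config $2 never loads.
stray_files() {
    active=$(active_files "$2")
    glob_candidates "$1" | while IFS= read -r f; do
        printf '%s\n' "$active" | grep -qxF -- "$f" || printf '%s\n' "$f"
    done
}

# Constructed sample tree using the file names from the message.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/unbound.conf.d" "$d/unbound.conf.d.bak"
    printf 'include: "%s/unbound.conf.d/*.conf"\n' "$d" > "$d/unbound.conf"
    printf 'server:\n    chroot: ""\n' > "$d/unbound.conf.d/chroot.conf"
    printf 'server:\n    chroot: "/old"\n' > "$d/unbound.conf.d.bak/chroot.conf"
    printf 'server:\n    chroot: "/bad"\n' > "$d/unbound-bad.conf"
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
stray_files "$demo" "$demo/unbound.conf"   # lists the two inactive files
rm -rf "$demo"
```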


