Hi Robert,

On 12/12/2015 05:08 PM, Robert Edmonds wrote:
> Hi, Simon:
> 
> The chroot directory might be configured by a file in
> /etc/unbound/unbound.conf.d/*.conf, rather than in the main unbound.conf
> file.

Good point, this needs to be supported.

> What do you think of setting UNBOUND_CONF like this instead?
> 
>     CHROOT_DIR="$(unbound-checkconf -o chroot)"

I tried it initially but it doesn't work:

# unbound-checkconf -o chroot
[1450106598] unbound-checkconf[11733:0] fatal error: config file
/etc/unbound/unbound.conf is not inside chroot /var/lib/unbound

Yet the unbound.conf does exist in the chroot:

# ll /var/lib/unbound/etc/unbound/unbound.conf
-rw-r--r-- 1 root root 2737 Nov 25 13:11
/var/lib/unbound/etc/unbound/unbound.conf

So this (bug?) requires always passing the path to the chrooted config
file to unbound-checkconf when using a chroot.

# unbound-checkconf -o interface
[1450109011] unbound-checkconf[15475:0] fatal error: config file
/etc/unbound/unbound.conf is not inside chroot /var/lib/unbound

# unbound-checkconf /var/lib/unbound/etc/unbound/unbound.conf \
                    -o interface
127.0.0.1
::1


I've updated the patch to support setting the chroot anywhere in
unbound.conf, not just the main config file. Please let me know what you
think of the proposed workaround.

Regards,
Simon
--- /etc/init.d/unbound.orig	2015-06-28 13:38:39.604171157 -0400
+++ /etc/init.d/unbound	2015-12-14 10:56:13.688340726 -0500
@@ -21,7 +21,7 @@
 UNBOUND_ENABLE=true
 UNBOUND_CONF=/etc/unbound/unbound.conf
 UNBOUND_BASE_DIR=$(dirname $UNBOUND_CONF)
-CHROOT_DIR=$(awk '{if ($1 ~ "^chroot" && $2 != "\"\"") print $2}' $UNBOUND_CONF|sed -e "s#\"##g")
+CHROOT_DIR=$(awk '{if ($1 ~ "^chroot" && $2 != "\"\"") print $2}' $(find $UNBOUND_BASE_DIR -name '*.conf')|sed -e 's#"##g'|head -n1)
 ROOT_TRUST_ANCHOR_UPDATE=false
 ROOT_TRUST_ANCHOR_FILE=/var/lib/unbound/root.key
 RESOLVCONF=false
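Review bot: On the new CHROOT_DIR line, `find $UNBOUND_BASE_DIR -name '*.conf'` returns every *.conf under the directory in unspecified order, whether or not unbound.conf actually includes it, and `head -n1` then keeps whichever match comes first. With a chroot line in more than one file, or in a leftover file that is never included, the init script can pick a different directory than the daemon uses. The awk pattern "^chroot" also matches any key that merely starts with "chroot", and the unquoted $(find ...) splits on whitespace in file names. Consider reading the main file first and then unbound.conf.d/*.conf in sorted order, matching the key exactly as "chroot:", and quoting the expansions.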
@@ -93,8 +93,9 @@
 
 do_chroot_setup() {
     if [ -d "$CHROOT_DIR" -a "$CHROOT_DIR" != "$UNBOUND_BASE_DIR" ]; then
+        rm -rf $CHROOT_DIR/$UNBOUND_BASE_DIR && mkdir -p $CHROOT_DIR/$UNBOUND_BASE_DIR
         cd /
-        tar --overwrite -cf - $(echo $UNBOUND_BASE_DIR | sed 's#^/##') | (cd $CHROOT_DIR && tar -xf -)
+        tar -cf - $(echo $UNBOUND_BASE_DIR | sed 's/^\///') | (cd $CHROOT_DIR && tar -xf -)
     fi
 }
 
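Review bot: The added `rm -rf $CHROOT_DIR/$UNBOUND_BASE_DIR` runs as root on two unquoted variables, one of which is text parsed out of the config files. The guard above it only checks that CHROOT_DIR is an existing directory different from UNBOUND_BASE_DIR, so a value of "/" passes and the command then removes the live $UNBOUND_BASE_DIR instead of a copy inside the chroot. Please quote both expansions in the rm, mkdir and cd commands and refuse to continue when CHROOT_DIR is "/" or is not an absolute path. Deleting the directory before the copy also means a failed tar leaves the chroot with no configuration at all; copying into a temporary directory and renaming it into place would avoid that. The reason for dropping --overwrite is not stated and would be worth a line in the changelog.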
