> I was waiting to be sure about this before adding an extra log socket in
> the jail.
> 
> Unbound opens /dev/log pre-chroot, so under normal conditions this is
> not necessary, *however* if syslogd is restarted, the old socket is
> no longer valid, so Unbound stops logging.
> 
> So I think yes we should have this. Of course now this is in base,
> it needs to be in syslogd's startup script rather than a local addition,
> so you can remove it from rc.conf.local.

Seems sensible.  We've done this in other software, though generally I
think they end up always opening the one inside the jail, even upfront.

> Index: rc.d/syslogd
> ===================================================================
> RCS file: /cvs/src/etc/rc.d/syslogd,v
> retrieving revision 1.2
> diff -u -p -r1.2 syslogd
> --- rc.d/syslogd      15 Mar 2014 00:59:50 -0000      1.2
> +++ rc.d/syslogd      23 Mar 2014 22:18:05 -0000
> @@ -15,6 +15,8 @@ rc_pre() {
>               daemon_flags="${daemon_flags} -a /var/named/dev/log"
>       [ X"${nsd_flags}" != X"NO" ] && rm -f /var/nsd/dev/log && \
>               daemon_flags="${daemon_flags} -a /var/nsd/dev/log"
> +     [ X"${unbound_flags}" != X"NO" ] && rm -f /var/unbound/dev/log && \
> +             daemon_flags="${daemon_flags} -a /var/unbound/dev/log"
>       [ -d /var/empty ] && rm -f /var/empty/dev/log && \
>               mkdir -p -m 0555 /var/empty/dev && \
>               daemon_flags="${daemon_flags} -a /var/empty/dev/log"
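Review bot: the added unbound_flags line assumes /var/unbound/dev already exists, whereas the /var/empty line right below it runs `mkdir -p -m 0555 /var/empty/dev` before appending `-a`. If the directory is missing, `rm -f` still succeeds and syslogd is passed a socket path whose parent directory is not there. This matches the nsd line above, but since the directory only arrives with the mtree hunk in this same patch, consider guarding with `[ -d /var/unbound/dev ]` or creating the directory here as the /var/empty case does.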
> Index: mtree/4.4BSD.dist
> ===================================================================
> RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
> retrieving revision 1.245
> diff -u -p -r1.245 4.4BSD.dist
> --- mtree/4.4BSD.dist 21 Mar 2014 00:23:15 -0000      1.245
> +++ mtree/4.4BSD.dist 23 Mar 2014 22:18:05 -0000
> @@ -1357,6 +1357,11 @@ vi.recover      mode=01777
>  # ./var/unbound
>  unbound
>  
> +# ./var/unbound/dev
> +dev          uname=root gname=wheel mode=0755
> +# ./var/unbound/dev
> +..
> +
>  # ./var/unbound/etc
>  etc          uname=root gname=wheel mode=0755
>  # ./var/unbound/etc
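Review bot: the new `dev` entry is created with mode=0755, while the rc.d/syslogd part of this patch creates the equivalent /var/empty/dev with `-m 0555`. Both are writable only by root, but the directory exists solely to hold the log socket inside the jail, so either use the tighter mode here or say why it differs. Because the rc.d line depends on this directory being present, it is also worth noting in the commit message that the two changes must land together.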
> 
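The failure described in the quoted message (a log socket opened before chroot goes stale when syslogd restarts, and only a socket inside the jail lets the daemon reconnect) can be reproduced with plain Unix datagram sockets. This is an added example, not code from the thread or from Unbound or syslogd; the temporary-directory paths stand in for /dev/log and /var/unbound/dev/log, and the chroot is modelled only by the client retrying the jail path alone.

```python
import os
import socket
import tempfile

def bind_log(path):
    """Constructed stand-in for syslogd creating one log socket."""
    if os.path.exists(path):
        os.unlink(path)                      # same effect as rm -f in rc_pre()
    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    s.bind(path)
    s.settimeout(1)
    return s

def demo(extra_socket_in_jail):
    root = tempfile.mkdtemp()
    host = os.path.join(root, "log")         # plays /dev/log
    jail_dev = os.path.join(root, "jail", "dev")
    os.makedirs(jail_dev)                    # plays /var/unbound/dev
    jail = os.path.join(jail_dev, "log")     # plays /var/unbound/dev/log

    def start_syslogd():
        socks = [bind_log(host)]
        if extra_socket_in_jail:             # the "-a <jail>/dev/log" flag
            socks.append(bind_log(jail))
        return socks

    syslogd = start_syslogd()
    client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    client.connect(host)                     # daemon opens the socket pre-chroot
    client.send(b"before restart")
    first = syslogd[0].recv(64)

    for s in syslogd:                        # syslogd restart: old sockets die,
        s.close()                            # new ones are bound at the same paths
    syslogd = start_syslogd()
    try:
        client.send(b"lost")
        stale = False
    except OSError:                          # old peer is gone, send is refused
        stale = True

    client.close()
    client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:                                     # inside the jail only this path exists
        client.connect(jail)
        client.send(b"after restart")
        recovered = syslogd[-1].recv(64) == b"after restart"
    except OSError:
        recovered = False
    return first, stale, recovered
```
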
