Hi,

Configuration management systems seem to place files they manage into
some temp directory, run a validation command and then move the config
file into the final destination. (I tried salt stack's "check_cmd" and
ansible's "validate" option.)

This does not play well with unbound-checkconf since it complains if
the config file is not placed inside the chroot. I note that
nsd-checkconf does not have this restriction.

Maybe this can be removed from unbound-checkconf as well?

Something like this:

diff --git smallapp/unbound-checkconf.c smallapp/unbound-checkconf.c
index ea46479172c..255ffa4cda8 100644
--- smallapp/unbound-checkconf.c
+++ smallapp/unbound-checkconf.c
@@ -463,19 +463,6 @@ morechecks(struct config_file* cfg, const char* fname)
                !is_dir(cfg->chrootdir)) {
                fatal_exit("bad chroot directory");
        }
-       if(cfg->chrootdir && cfg->chrootdir[0]) {
-               char buf[10240];
-               buf[0] = 0;
-               if(fname[0] != '/') {
-                       if(getcwd(buf, sizeof(buf)) == NULL)
-                               fatal_exit("getcwd: %s", strerror(errno));
-                       (void)strlcat(buf, "/", sizeof(buf));
-               }
-               (void)strlcat(buf, fname, sizeof(buf));
-               if(strncmp(buf, cfg->chrootdir, strlen(cfg->chrootdir)) != 0)
-                       fatal_exit("config file %s is not inside chroot %s",
-                               buf, cfg->chrootdir);
-       }
        if(cfg->directory && cfg->directory[0]) {
                char* ad = fname_after_chroot(cfg->directory, cfg, 0);
                if(!ad) fatal_exit("out of memory");
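Review bot: removing the whole `if(cfg->chrootdir && cfg->chrootdir[0])` block in morechecks() drops the config-file-inside-chroot comparison unconditionally, so a file whose path does not start with cfg->chrootdir now passes validation with no message at all. Consider keeping the path comparison but reporting a mismatch as a warning instead of calling fatal_exit(), or skipping it only when a command-line option asks for that, so that validating a temp copy works while a misplaced final file is still reported. The change in behaviour should also be mentioned in the unbound-checkconf documentation.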




-- 
I'm not entirely sure you are real.
