--- unbound.in 2020-06-16 01:59:48.625940000 +0300 +++ unbound.in 2020-06-16 02:07:34.203752000 +0300 @@ -22,7 +22,13 @@ # You could set alternative config with # unbound_config="/path/to/config" # +# A fib can be set for unbound with +# unbound_fib=1 # +# Chroot dir is read from unbound_config by default but can be +# overriden with +# unbound_chrootdir="/my/own/path" +# # Multiple profiles are supported with # # unbound_profiles="name1 name2" @@ -34,6 +40,18 @@ # A fib can be set for each profile as in # unbound_name1_fib=1 # +# Specify custom chroot dir for each profile +# unbound_name1_chrootdir="/path/to/chroot1" +# +# +# N.B. unbound runs in chrooted enviroment with logs being sent to syslog(2) +# Be sure to enable alternative log socket to allow continious log flow. +# For syslogd(8) additional sockets can be configured with +# altlog_proglist="${altlog_proglist} unbound" +# unbound_chrootdir="%%PREFIX%%/etc/unbound" +# +# Please note that setting unbound_chrootdir is a MUST in this case. +# . /etc/rc.subr @@ -55,9 +73,29 @@ esac } +unbound_mount_devfs() { + if [ -z "${unbound_chrootdir}" ]; then + return; + fi + echo "Mounting devfs for chroot environment ${unbound_chrootdir}" + umount "${unbound_chrootdir}/dev" 2>/dev/null + mkdir -p ${unbound_chrootdir}/dev + devfs_domount ${unbound_chrootdir}/dev devfsrules_hide_all + devfs_apply_ruleset devfsrules_unhide_basic ${unbound_chrootdir}/dev +} + +unbound_poststop() { + if [ -z "${unbound_chrootdir}" ]; then + return; + fi + umount "${unbound_chrootdir}/dev" 2>/dev/null +} + + start_precmd() { unbound_startfib + unbound_mount_devfs echo -n "Obtaining a trust anchor.." if [ "${unbound_anchorflags}T" = "T" ]; then @@ -66,7 +104,7 @@ su -m unbound -c "%%PREFIX%%/sbin/unbound-anchor ${unbound_anchorflags}" fi echo . - %%PREFIX%%/sbin/unbound-checkconf ${unbound_conf} > /dev/null + %%PREFIX%%/sbin/unbound-checkconf ${unbound_config} > /dev/null return $? } 
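Review bot: The added rc.conf documentation contains spelling slips that hinder searching: `overriden` in the first hunk, and `enviroment` and `continious` in the second. They should read `overridden`, `environment` and `continuous`. The N.B. in the second hunk says setting `unbound_chrootdir` is a MUST but not why. If the reason is that syslogd's rc script can only see the rc.conf variable, a line such as `# (syslogd reads unbound_chrootdir from rc.conf; it does not parse unbound.conf)` would make the requirement clear.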
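Review bot: In `unbound_mount_devfs` the `mkdir -p`, `devfs_domount` and `devfs_apply_ruleset` calls expand `${unbound_chrootdir}` unquoted and none of their exit statuses is checked, although the `umount` calls beside them are quoted. This runs as root on a path taken from rc.conf or unbound.conf, so a path containing whitespace is split into several arguments. A failed ruleset step would presumably leave a devfs mounted in the chroot without the hide-all restrictions while start-up continues. A chroot value consisting only of `/` is not rejected either, in which case the function would operate on the host's own `/dev`. I would quote the expansions, reject an all-slash path, propagate failures as sketched below, and have `start_precmd` call `unbound_mount_devfs || return 1`.

```shell
unbound_mount_devfs() {
	# … unchanged: return early when unbound_chrootdir is empty …
	# An all-slash path would make the calls below act on the host's /dev.
	case "${unbound_chrootdir}" in
	*[!/]*) ;;
	*) err 1 "unbound_chrootdir must not be the root directory" ;;
	esac
	# … unchanged: echo and initial umount …
	mkdir -p "${unbound_chrootdir}/dev" || return 1
	devfs_domount "${unbound_chrootdir}/dev" devfsrules_hide_all || return 1
	devfs_apply_ruleset devfsrules_unhide_basic "${unbound_chrootdir}/dev" || return 1
}
```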
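Review bot: `${unbound_config}` is expanded unquoted in the `unbound-checkconf` call at the end of `start_precmd`, and likewise on the `pidfile=`, `_cfgchrootdir=` and `reload_precmd=` lines in the later hunks, so a config path containing whitespace would be split into separate arguments. Quoting it fixes this, e.g. `%%PREFIX%%/sbin/unbound-checkconf "${unbound_config}" > /dev/null`. Separately, when this check fails `start_precmd` returns non-zero after `unbound_mount_devfs` has already run, and nothing visible here unmounts the chroot's `/dev` on that path. Calling `unbound_poststop` before returning the failure would avoid leaving the mount behind. The beginning of `start_precmd` lies in the previous hunk.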
@@ -76,7 +114,7 @@ : ${unbound_config:=%%PREFIX%%/etc/unbound/unbound.conf} # Set PID file -pidfile=$(%%PREFIX%%/sbin/unbound-checkconf -o pidfile %%PREFIX%%/etc/unbound/unbound.conf) +pidfile=$(%%PREFIX%%/sbin/unbound-checkconf -o pidfile ${unbound_config}) required_files=${unbound_config} command="%%PREFIX%%/sbin/${name}" @@ -84,8 +122,12 @@ unbound_anchorflags=${unbound_anchorflags:-""} extra_commands="reload" start_precmd="start_precmd" -reload_precmd="%%PREFIX%%/sbin/unbound-checkconf ${unbound_conf} >/dev/null" +reload_precmd="%%PREFIX%%/sbin/unbound-checkconf ${unbound_config} >/dev/null" +stop_postcmd=unbound_poststop +_cfgchrootdir=$(%%PREFIX%%/sbin/unbound-checkconf -o chroot ${unbound_config}) +unbound_chrootdir=${unbound_chrootdir:-${_cfgchrootdir}} + load_rc_config "${name}" if [ -n "$2" ]; then @@ -101,6 +143,9 @@ # Replace default value with profile-based (defined in the config file) _cfgpidfile=$(%%PREFIX%%/sbin/unbound-checkconf -o pidfile ${unbound_config}) _defaultpidfile=$(%%PREFIX%%/sbin/unbound-checkconf -o pidfile /dev/null) + _cfgchrootdir=$(%%PREFIX%%/sbin/unbound-checkconf -o chroot ${unbound_config}) + + eval unbound_chrootdir="\${unbound_${profile}_chrootdir:-${_cfgchrootdir}}" if [ "x${_cfgpidfile}" = "x" -o "x${_cfgpidfile}" = "x${_defaultpidfile}" ] ; then pidfile=${_defaultpidfile}
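Review bot: `_cfgchrootdir` and the `unbound_chrootdir` default are computed before `load_rc_config "${name}"`, as is the `pidfile=` lookup changed in the previous hunk. If that call is the first point at which rc.conf is read (the earlier part of the script is outside these hunks), both lookups run against the default config path rather than the administrator's `unbound_config`. The devfs mount and the unmount in `unbound_poststop` could then target a different directory than the one unbound actually chroots into. Moving these lines below `load_rc_config`, or recomputing them there, keeps the rc script and the daemon in agreement.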
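Review bot: In the added `eval`, `${_cfgchrootdir}` is expanded before `eval` runs, so the chroot string printed by `unbound-checkconf` is parsed a second time as shell text in a script that runs as root. Quotes, `$` or backticks in that path would be interpreted rather than kept literal. Escaping the inner expansion defers it to eval time and keeps the value as data: `eval unbound_chrootdir="\${unbound_${profile}_chrootdir:-\${_cfgchrootdir}}"`. `${profile}` is also spliced into the evaluated text. Its assignment is outside this hunk, so it is worth confirming that it is restricted to valid variable-name characters.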