FreeBSD Bugzilla – Attachment 215593 Details for
Bug 247291
dns/unbound: Add some support for running in chrooted env (which is by default)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Initial version
patch-unbound.in-chroot (text/plain), 3.28 KB, created by
lytboris
on 2020-06-15 23:11:44 UTC
(
hide
)
Description:
Initial version
Filename:
MIME Type:
Creator:
lytboris
Created:
2020-06-15 23:11:44 UTC
Size:
3.28 KB
patch
obsolete
>--- unbound.in 2020-06-16 01:59:48.625940000 +0300 >+++ unbound.in 2020-06-16 02:07:34.203752000 +0300 >@@ -22,7 +22,13 @@ > # You could set alternative config with > # unbound_config="/path/to/config" > # >+# A fib can be set for unbound with >+# unbound_fib=1 > # >+# Chroot dir is read from unbound_config by default but can be >+# overriden with >+# unbound_chrootdir="/my/own/path" >+# > # Multiple profiles are supported with > # > # unbound_profiles="name1 name2" >@@ -34,6 +40,18 @@ > # A fib can be set for each profile as in > # unbound_name1_fib=1 > # >+# Specify custom chroot dir for each profile >+# unbound_name1_chrootdir="/path/to/chroot1" >+# >+# >+# N.B. unbound runs in chrooted enviroment with logs being sent to syslog(2) >+# Be sure to enable alternative log socket to allow continious log flow. >+# For syslogd(8) additional sockets can be configured with >+# altlog_proglist="${altlog_proglist} unbound" >+# unbound_chrootdir="%%PREFIX%%/etc/unbound" >+# >+# Please note that setting unbound_chrootdir is a MUST in this case. >+# > > . /etc/rc.subr > >@@ -55,9 +73,29 @@ > esac > } > >+unbound_mount_devfs() { >+ if [ -z "${unbound_chrootdir}" ]; then >+ return; >+ fi >+ echo "Mounting devfs for chroot environment ${unbound_chrootdir}" >+ umount "${unbound_chrootdir}/dev" 2>/dev/null >+ mkdir -p ${unbound_chrootdir}/dev >+ devfs_domount ${unbound_chrootdir}/dev devfsrules_hide_all >+ devfs_apply_ruleset devfsrules_unhide_basic ${unbound_chrootdir}/dev >+} >+ >+unbound_poststop() { >+ if [ -z "${unbound_chrootdir}" ]; then >+ return; >+ fi >+ umount "${unbound_chrootdir}/dev" 2>/dev/null >+} >+ >+ > start_precmd() > { > unbound_startfib >+ unbound_mount_devfs > > echo -n "Obtaining a trust anchor.." > if [ "${unbound_anchorflags}T" = "T" ]; then >@@ -66,7 +104,7 @@ > su -m unbound -c "%%PREFIX%%/sbin/unbound-anchor ${unbound_anchorflags}" > fi > echo . >- %%PREFIX%%/sbin/unbound-checkconf ${unbound_conf} > /dev/null >+ %%PREFIX%%/sbin/unbound-checkconf ${unbound_config} > /dev/null > return $? > } > >@@ -76,7 +114,7 @@ > : ${unbound_config:=%%PREFIX%%/etc/unbound/unbound.conf} > > # Set PID file >-pidfile=$(%%PREFIX%%/sbin/unbound-checkconf -o pidfile %%PREFIX%%/etc/unbound/unbound.conf) >+pidfile=$(%%PREFIX%%/sbin/unbound-checkconf -o pidfile ${unbound_config}) > > required_files=${unbound_config} > command="%%PREFIX%%/sbin/${name}" >@@ -84,8 +122,12 @@ > unbound_anchorflags=${unbound_anchorflags:-""} > extra_commands="reload" > start_precmd="start_precmd" >-reload_precmd="%%PREFIX%%/sbin/unbound-checkconf ${unbound_conf} >/dev/null" >+reload_precmd="%%PREFIX%%/sbin/unbound-checkconf ${unbound_config} >/dev/null" >+stop_postcmd=unbound_poststop > >+_cfgchrootdir=$(%%PREFIX%%/sbin/unbound-checkconf -o chroot ${unbound_config}) >+unbound_chrootdir=${unbound_chrootdir:-${_cfgchrootdir}} >+ > load_rc_config "${name}" > > if [ -n "$2" ]; then >@@ -101,6 +143,9 @@ > # Replace default value with profile-based (defined in the config file) > _cfgpidfile=$(%%PREFIX%%/sbin/unbound-checkconf -o pidfile ${unbound_config}) > _defaultpidfile=$(%%PREFIX%%/sbin/unbound-checkconf -o pidfile /dev/null) >+ _cfgchrootdir=$(%%PREFIX%%/sbin/unbound-checkconf -o chroot ${unbound_config}) >+ >+ eval unbound_chrootdir="\${unbound_${profile}_chrootdir:-${_cfgchrootdir}}" > > if [ "x${_cfgpidfile}" = "x" -o "x${_cfgpidfile}" = "x${_defaultpidfile}" ] ; then > pidfile=${_defaultpidfile}
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 247291
:
215593
|
215594
|
215599