Upgrading unbound via pkg upgrade inside a jail fails: Oct 11 14:59:08 XXXXX pkg: unbound upgraded: 1.5.9_1 -> 1.5.10 Oct 11 14:59:08 XXXXX unbound: [47924:0] fatal error: unable to chroot to /usr/local/etc/unbound: Operation not permitted Running "service unbound restart" in the jail after pkg(8) finishes succeeds, so I don't know if this is an actual unbound bug, or an rc script bug, or a pkg(8) bug. I don't know why it's trying to chroot as Oct 11 14:59:31 XXXXX unbound: [47974:0] warning: did not exit gracefully last time (47924) Oct 11 14:59:31 XXXXX unbound: [47975:0] notice: init module 0: validator Oct 11 14:59:31 XXXXX unbound: [47975:0] notice: init module 1: iterator
It is odd that it complains about the chroot. Unbound should only do that when configured to do so. Nothing changed in the rc script with this upgrade so that is unlikely the cause.
I have figured out the cause of the problem. unbound always attempts to chroot when starting, but normally succeeds. When starting inside the environment of a package upgrade, however, it is erroneously running with a file descriptor open on a directory. The check in `sys/kern/vfs_syscalls.c#chroot_refuse_vdir_fds` then refuses to allow the chroot to succeed, *if* either `kern.chroot_allow_open_directories` is set to 0, or it is set to 1 (which is the default) and is already running in a chroot (which includes jails). Conclusion: this is a bug in pkg; the startup scripts should not be run with any descriptors open other than the standard 0/1/2.
This has been fixed in the github repository and will be in the next release which will happen before the Weekend
(In reply to Garrett Wollman from comment #2) Thanks for figuring this out.