Created attachment 215593: Initial version

Patch fixes a couple of issues found in the present version of unbound.in:
* ${unbound_conf} is never defined, ${unbound_config} must be used in all cases
* (u)mount devfs for an unbound instance running in a chrooted environment, add a note for enabling robust syslog(3) logging in this case.

Severity is set to "many people" as the default unbound configuration enforces both chroot and logging via syslog.

Created attachment 215594: Add a comment for var/run
Created attachment 215599: Check for syslog socket as well
Comment on attachment 215599: Check for syslog socket as well
Looks good to me, jaap
(In reply to lytboris from comment #2) Note that unbound actually opens the syslog socket before it does the chroot(). Therefore, creating the socket is not necessary. And to be complete, the same is true for the logfile. It will be opened before the chroot call. jaap
> Therefore, creating the socket is not necessary.
I thought the same way and I was wrong. The reload command forces unbound to reopen logs while being chrooted, and after that it fails to log anything via syslog.
(In reply to lytboris from comment #5) Looking more closely, you should also have other directives adjusted to have chroot work properly or, alternatively, copy the whole tree needed to the "changed root" so the default paths for "chroot", "directory" and likely also things like auto-trust-anchor-file, server-key-file, server-cert-file and control-key-file etc. jaap
Overtaken by events. Unbound 13.0 has fixes for chroot problems, see https://nlnetlabs.nl/projects/unbound/download/#unbound-1-13-0
(In reply to Jaap Akkerhuis from comment #7) From my personal experience it seems that 1.13.0_1 still needs syslogd socket within its chroot for reliable logging.
(In reply to Andriy Gapon from comment #8) Er, was a typo; 1.13.1 is out. The link has the announcement.
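
Added example, not part of the bug thread or of the port's own code: a Python pre-flight check for the condition discussed above, where a chrooted unbound that logs via syslog reopens its logs on reload and therefore needs a syslog socket inside the chroot. Assumptions: the socket is expected at var/run/log relative to the chroot (the FreeBSD syslog(3) socket location), the function names are hypothetical, and the built-in chroot default is passed in by the caller because the thread does not state it.

```python
import os
import re
import stat

# Assumption: FreeBSD syslog(3) socket path, taken relative to the chroot.
SYSLOG_SOCKET = "var/run/log"


def parse_server_options(conf_text):
    """Collect 'name: value' pairs from unbound.conf text (last one wins)."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"([a-z0-9-]+):\s*(.*)$", line)
        if m and m.group(2):                          # skips clause headers like "server:"
            opts[m.group(1)] = m.group(2).strip().strip('"')
    return opts


def chroot_syslog_problems(conf_text, default_chroot):
    """Return problems that would stop syslog logging after a reload."""
    opts = parse_server_options(conf_text)
    chroot = opts.get("chroot", default_chroot)       # chroot: "" disables chroot
    if opts.get("use-syslog", "yes") != "yes" or not chroot:
        return []                                     # no syslog or no chroot: nothing to check
    sock = os.path.join(chroot, SYSLOG_SOCKET)
    try:
        mode = os.lstat(sock).st_mode                 # lstat: a symlink would not resolve in the chroot
    except OSError:
        return [f"{sock}: missing, syslog cannot be reopened after reload"]
    if not stat.S_ISSOCK(mode):
        return [f"{sock}: exists but is not a socket"]
    return []


if __name__ == "__main__":
    # Constructed sample configuration, not taken from the thread.
    sample = 'server:\n    chroot: "/tmp/example-unbound-chroot"\n    use-syslog: yes\n'
    for problem in chroot_syslog_problems(sample, default_chroot=""):
        print("WARN:", problem)
```

On FreeBSD the socket itself is created by syslogd, which accepts additional log socket paths through its -l option.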