On 3/6/23 07:37, Dag-Erling Smørgrav wrote:
> "Rodney W. Grimes" <free...@gndrsh.dnsmgr.net> writes:
>> Dag-Erling Smørgrav <d...@freebsd.org> writes:
>>> No.  Unbound knows it's chrooted, knows _where_ it's chrooted, and
>>> adjusts config paths accordingly, cf. e4c53d3bf00a.
>> We disagree then, rather strongly, about this issue.  It should not
>> know it is chrooted, and it especially should NOT adjust paths
>> based on that fact.  That is a POLA, and it is also hard coding
>> POLICY into an executable.  Almost certainly any path mangling
>> done because it is chroot is going to break if I chroot it to
>> some place very different.
Seconding what DES said. Unbound has chrooting capability built in, which can be configured via the config file [1], and it does adjust paths to all other files if chroot is enabled. There is no POLA violation here; this is not a custom patch from FreeBSD, this is native Unbound functionality.


[1] https://nlnetlabs.nl/documentation/unbound/unbound.conf/

--
Ihor Antonov
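
An added illustration, not part of the message above and not Unbound's source code: a small Python model of the path handling that the unbound.conf documentation [1] describes for the `chroot:` option, where a path may be given relative to the new root, relative to the working directory, or as an absolute path under the original root that has the chroot prefix removed. The function name `path_after_chroot` and all sample paths are constructed for the example; matching the prefix on whole path components is a choice made in this model.

```python
import posixpath


def path_after_chroot(path, chroot="", directory=""):
    """Return `path` as it would be opened from inside the chroot.

    Model of the documented behaviour only (hypothetical helper):
      - absolute path under the configured chroot -> chroot prefix removed
      - any other absolute path                   -> taken relative to the new root
      - relative path                             -> joined to the working directory
    """
    root = chroot.rstrip("/")

    def strip(p):
        # The prefix comes from the configured chroot value, not a fixed path.
        if not root:
            return p
        if p == root:
            return "/"
        # Whole-component match so /var/unbound2 is not treated as /var/unbound.
        if p.startswith(root + "/"):
            return p[len(root):]
        return p

    if posixpath.isabs(path):
        return posixpath.normpath(strip(path))
    workdir = strip(directory) if directory else "/"
    return posixpath.normpath(posixpath.join(workdir, path))


if __name__ == "__main__":
    # Constructed sample settings: (path, chroot, directory)
    samples = [
        ("/var/unbound/root.key", "/var/unbound", "/var/unbound"),
        ("/root.key", "/var/unbound", "/var/unbound"),
        ("root.key", "/var/unbound", "/var/unbound"),
        ("/jail/dns/etc/root.key", "/jail/dns", "/jail/dns/etc"),
        ("root.key", "/jail/dns", "/jail/dns/etc"),
        ("/etc/unbound/root.key", "", "/etc/unbound"),
    ]
    for path, chroot, directory in samples:
        print(f"chroot={chroot!r:16} {path!r:28} -> "
              f"{path_after_chroot(path, chroot, directory)!r}")
```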

