Date: Mon, 6 Mar 2023 07:47:41 -0800 From: Ihor Antonov <ihor@antonovs.family> To: dev-commits-src-all@freebsd.org Subject: Re: git: 1d577bedbae8 - main - unbound: Fix config file path Message-ID: <870e0444-b915-d286-9a1a-4b7ffffcec2a@antonovs.family> In-Reply-To: <86mt4psxfw.fsf@ltc.des.no> References: <202303031402.323E2FEN066412@gndrsh.dnsmgr.net> <86mt4psxfw.fsf@ltc.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3/6/23 07:37, Dag-Erling Smørgrav wrote: > "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> writes: >> "Dag-Erling Smørgrav <des@freebsd.org> writes: >>> No. Unbound knows it's chrooted, knows _where_ it's chrooted, and >>> adjusts config paths accordingly, cf. e4c53d3bf00a. >> We disagree then, rather strongly, about this issue. It should not >> know it is chrooted, and it especially should NOT adjust paths >> based on that fact. That is a POLA, and it is also hard coding >> POLICY into an executable. Almost certainly any path mangling >> done because it is chroot is going to break if I chroot it to >> some place very different. Seconding what DES said. Unbound has chrooting capability built-in, that can be configured via config file [1] and it does adjust paths to all other files if chroot is enabled. There is no POLA violation here, this is not a custom patch from FreeBSD, this is native unbound functionality. [1] https://nlnetlabs.nl/documentation/unbound/unbound.conf/ -- Ihor Antonov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?870e0444-b915-d286-9a1a-4b7ffffcec2a>