- chdir to / after chroot call (suggested by Camiel Dobbelaar).

git-svn-id: file:///svn/unbound/trunk@2764 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/daemon/unbound.c b/daemon/unbound.c
index d64751ab57a4755f92268718906d8050bd29b563..377396fc4d01a2fc83b269beb33d60393dc5fed5 100644 (file)
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -539,6 +539,9 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
                if(chroot(cfg->chrootdir))
                        fatal_exit("unable to chroot to %s: %s", 
                                cfg->chrootdir, strerror(errno));
+               if(chdir("/"))
+                       fatal_exit("unable to chdir to / in chroot %s: %s",
+                               cfg->chrootdir, strerror(errno));
                verbose(VERB_QUERY, "chroot to %s", cfg->chrootdir);
                if(strncmp(*cfgfile, cfg->chrootdir, 
                        strlen(cfg->chrootdir)) == 0) 

diff --git a/doc/Changelog b/doc/Changelog
index 629749839c473f881ed79b4b5de472411b16a7e9..68b57f07b248eb368d975af056c49fe2177ca3e9 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+21 September 2012: Wouter
+       - chdir to / after chroot call (suggested by Camiel Dobbelaar).
+
 17 September 2012: Wouter
        - patch_rsamd5_enable.diff: this patch enables RSAMD5 validation
          otherwise it is treated as insecure.  The RSAMD5 algorithm is