From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 1 Nov 2007 12:48:37 +0000 (+0000)
Subject: chroot fixup.
X-Git-Tag: release-0.6~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5b966557cc12ee6584674d2bf23cd6443c580905;p=thirdparty%2Funbound.git

chroot fixup.


git-svn-id: file:///svn/unbound/trunk@727 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/daemon/unbound.c b/daemon/unbound.c
index 953586162..7d4ecce76 100644
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -268,10 +268,6 @@ do_chroot(struct daemon* daemon, struct config_file* cfg, int debug_mode)
 			fatal_exit("Could not chdir to %s: %s",
 				cfg->directory, strerror(errno));
 		}
-	if(cfg->chrootdir && cfg->chrootdir[0])
-		if(chroot(cfg->chrootdir))
-			fatal_exit("unable to chroot to %s: %s", 
-				cfg->chrootdir, strerror(errno));
 	if(cfg->username && cfg->username[0]) {
 		struct passwd *pwd;
 		if((pwd = getpwnam(cfg->username)) == NULL)
@@ -282,6 +278,10 @@ do_chroot(struct daemon* daemon, struct config_file* cfg, int debug_mode)
 			fatal_exit("unable to set user id: %s", strerror(errno));
 		endpwent();
 	}
+	if(cfg->chrootdir && cfg->chrootdir[0])
+		if(chroot(cfg->chrootdir))
+			fatal_exit("unable to chroot to %s: %s", 
+				cfg->chrootdir, strerror(errno));
 	/* check old pid file before forking */
 	if(cfg->pidfile && cfg->pidfile[0]) {
 		checkoldpid(cfg);
diff --git a/doc/Changelog b/doc/Changelog
index d9158f2a7..ed4e54ccb 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,8 @@
 1 November 2007: Wouter
 	- Fixup of crash on reload, due to anchors in env not NULLed after
 	  dealloc during deinit.
+	- Fixup of chroot call. Happens after privileges are dropped, so
+	  that checking the passwd entry still works.
 
 31 October 2007: Wouter
 	- cache-max-ttl config option.