]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
projects / thirdparty / unbound.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 72bfa5a)
unbound.service.in: add StateDirectory
authorMaryse47 <41080948+Maryse47@users.noreply.github.com>
Mon, 27 Jan 2020 12:46:31 +0000 (13:46 +0100)
committerMaryse47 <41080948+Maryse47@users.noreply.github.com>
Mon, 27 Jan 2020 12:46:31 +0000 (13:46 +0100)
State directory will be created under /var/lib/unbound and will be
useful for writing various files managed at runtime like trust
anchors updates there instead of in ConfigureDirectory which could
be made read-only next. For this chroot needs to be disabled.

contrib/unbound.service.in patch | blob | blame | history
contrib/unbound_portable.service.in patch | blob | blame | history

diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in
index d0e294213f9185cff449c2bcfd6210a5e6f7611e..b1211a4be291bb7ddca0bcb01a1015a2c5c328d9 100644 (file)
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -65,6 +65,7 @@ ProtectKernelModules=true
 ProtectSystem=strict
 RuntimeDirectory=unbound
 ConfigurationDirectory=unbound
+StateDirectory=unbound
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictRealtime=true
 SystemCallArchitectures=native
diff --git a/contrib/unbound_portable.service.in b/contrib/unbound_portable.service.in
index 53dc8701b5e5cbc789760fb9681310eb4b75d42a..cbfc58f9907db0e05a1855dbfcf42eefc5fdcf8c 100644 (file)
--- a/contrib/unbound_portable.service.in
+++ b/contrib/unbound_portable.service.in
@@ -39,6 +39,7 @@ ProtectKernelModules=true
 ProtectSystem=strict
 RuntimeDirectory=unbound
 ConfigurationDirectory=unbound
+StateDirectory=unbound
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictRealtime=true
 SystemCallArchitectures=native
Mirror of https://github.com/NLnetLabs/unbound.git