]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
projects / thirdparty / unbound.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1a94a68)
Disable ProtectKernelTunables again 565/head
authorMaryse47 <41080948+Maryse47@users.noreply.github.com>
Wed, 3 Nov 2021 13:05:11 +0000 (13:05 +0000)
committerGitHub <noreply@github.com>
Wed, 3 Nov 2021 13:05:11 +0000 (13:05 +0000)
This option was removed in https://github.com/NLnetLabs/unbound/commit/ff8fd0be5c529e7a1b84e8c74426e9c531c0a8f8 but reintroduced in https://github.com/NLnetLabs/unbound/commit/c32b9e4ba95983146eac805719db720f02a64358

Disable it with commentary in hope to prevent slipping it in again.

contrib/unbound.service.in patch | blob | blame | history

diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in
index 90ee708ce2c5453b2602c5e81ee803d841d16dac..ada5fac9c224143d2aae39e0e411e541911efd82 100644 (file)
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -64,7 +64,8 @@ ProtectClock=true
 ProtectControlGroups=true
 ProtectKernelLogs=true
 ProtectKernelModules=true
-ProtectKernelTunables=true
+# This breaks using socket options like 'so-rcvbuf'. Explicitly disable for visibility.
+ProtectKernelTunables=false
 ProtectProc=invisible
 ProtectSystem=strict
 RuntimeDirectory=unbound
Mirror of https://github.com/NLnetLabs/unbound.git