From: Ralph Dolmans <ralph@nlnetlabs.nl>
Date: Mon, 19 Aug 2019 11:27:19 +0000 (+0200)
Subject: - Document limitation of pidfile removal outside of chroot directory.
X-Git-Tag: release-1.9.3rc2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b752e359ec2fdd7e9f6bb737c4506da19161676;p=thirdparty%2Funbound.git

- Document limitation of pidfile removal outside of chroot directory.
---

diff --git a/doc/Changelog b/doc/Changelog
index 0ba7b9a38..2f8946346 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+19 August 2019: Ralph
+	- Document limitation of pidfile removal outside of chroot directory.
+
 16 August 2019: Wouter
 	- Fix unittest valgrind false positive uninitialised value report,
 	  where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index 083a7c106..b1d8c7900 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -629,7 +629,9 @@ In the last case the path is adjusted to remove the unused portion.
 The pidfile can be either a relative path to the working directory, or
 an absolute path relative to the original root. It is written just prior
 to chroot and dropping permissions. This allows the pidfile to be
-/var/run/unbound.pid and the chroot to be /var/unbound, for example.
+/var/run/unbound.pid and the chroot to be /var/unbound, for example. Note that
+Unbound is not able to remove the pidfile after termination when it is located
+outside of the chroot directory.
 .IP
 Additionally, unbound may need to access /dev/random (for entropy)
 from inside the chroot.