From: David Runge Date: Sat, 21 Nov 2020 13:10:39 +0000 (+0100) Subject: Add AF_NETLINK to set of allowed socket address families X-Git-Tag: release-1.13.0rc1~14^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c48f01445e22686a0cb83451ab055cb405940b58;p=thirdparty%2Funbound.git Add AF_NETLINK to set of allowed socket address families contrib/unbound{,_portable}.service.in: With the changes introduced in f6a527c25ad2e60e2dc129fff3605e6ec48c30f2 it is now necessary to also allow access to the AF_NETLINK socket address family to be able to get information from interfaces. Without the AF_NETLINK address family the systemd service errors with: ``` error: failed to list interfaces: getifaddrs: Address family not supported by protocol ``` Fixes #350 --- diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in index c95ab94b3..a4596978d 100644 --- a/contrib/unbound.service.in +++ b/contrib/unbound.service.in @@ -66,7 +66,7 @@ ProtectSystem=strict RuntimeDirectory=unbound ConfigurationDirectory=unbound StateDirectory=unbound -RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX RestrictRealtime=true SystemCallArchitectures=native SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources diff --git a/contrib/unbound_portable.service.in b/contrib/unbound_portable.service.in index 998b66dec..e763763f0 100644 --- a/contrib/unbound_portable.service.in +++ b/contrib/unbound_portable.service.in @@ -38,7 +38,7 @@ ProtectSystem=strict RuntimeDirectory=unbound ConfigurationDirectory=unbound StateDirectory=unbound -RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX RestrictRealtime=true SystemCallArchitectures=native SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources