From: Maryse47 <41080948+Maryse47@users.noreply.github.com>
Date: Mon, 27 Jan 2020 12:46:31 +0000 (+0100)
Subject: unbound.service.in: add StateDirectory
X-Git-Tag: release-1.10.0rc1~31^2~2^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cfce0a5e60cbe4c11a52b6b084265dae437b05ec;p=thirdparty%2Funbound.git

unbound.service.in: add StateDirectory

State directory will be created under /var/lib/unbound and will be
useful for writing various files managed at runtime like trust
anchors updates there instead of in ConfigureDirectory which could
be made read-only next. For this chroot needs to be disabled.
---

diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in
index d0e294213..b1211a4be 100644
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -65,6 +65,7 @@ ProtectKernelModules=true
 ProtectSystem=strict
 RuntimeDirectory=unbound
 ConfigurationDirectory=unbound
+StateDirectory=unbound
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictRealtime=true
 SystemCallArchitectures=native
diff --git a/contrib/unbound_portable.service.in b/contrib/unbound_portable.service.in
index 53dc8701b..cbfc58f99 100644
--- a/contrib/unbound_portable.service.in
+++ b/contrib/unbound_portable.service.in
@@ -39,6 +39,7 @@ ProtectKernelModules=true
 ProtectSystem=strict
 RuntimeDirectory=unbound
 ConfigurationDirectory=unbound
+StateDirectory=unbound
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictRealtime=true
 SystemCallArchitectures=native