From c48f01445e22686a0cb83451ab055cb405940b58 Mon Sep 17 00:00:00 2001 From: David Runge Date: Sat, 21 Nov 2020 14:10:39 +0100 Subject: [PATCH] Add AF_NETLINK to set of allowed socket address families contrib/unbound{,_portable}.service.in: With the changes introduced in f6a527c25ad2e60e2dc129fff3605e6ec48c30f2 it is now necessary to also allow access to the AF_NETLINK socket address family to be able to get information from interfaces. Without the AF_NETLINK address family the systemd service errors with: ``` error: failed to list interfaces: getifaddrs: Address family not supported by protocol ``` Fixes #350 --- contrib/unbound.service.in | 2 +- contrib/unbound_portable.service.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in index c95ab94b3..a4596978d 100644 --- a/contrib/unbound.service.in +++ b/contrib/unbound.service.in @@ -66,7 +66,7 @@ ProtectSystem=strict RuntimeDirectory=unbound ConfigurationDirectory=unbound StateDirectory=unbound -RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX RestrictRealtime=true SystemCallArchitectures=native SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources diff --git a/contrib/unbound_portable.service.in b/contrib/unbound_portable.service.in index 998b66dec..e763763f0 100644 --- a/contrib/unbound_portable.service.in +++ b/contrib/unbound_portable.service.in @@ -38,7 +38,7 @@ ProtectSystem=strict RuntimeDirectory=unbound ConfigurationDirectory=unbound StateDirectory=unbound -RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX RestrictRealtime=true SystemCallArchitectures=native SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources -- 2.47.2