Re: git: 1d577bedbae8 - main - unbound: Fix config file path

From: Rodney W. Grimes <freebsd_at_gndrsh.dnsmgr.net>
Date: Fri, 03 Mar 2023 14:02:15 UTC
> "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> writes:
> > I've read a few of the linux how to's on running unbound chrooted and
> > it leads me to believe that /etc/unbound/unbound.conf is the correct
> > value of the path to the config file.
> >
> > I'll also spend some ENOTIME idle cycles looking closer at what has
> > happened here.  My gut says that if unbound is running chroot to
> > /var/unbound then the config file should live in
> > /var/unbound/etc/unbound/unbound.conf
> 
> No.  Unbound knows it's chrooted, knows _where_ it's chrooted, and
> adjusts config paths accordingly, cf. e4c53d3bf00a.

We disagree then, rather strongly, about this issue.  It should not
know it is chrooted, and it especially should NOT adjust paths
based on that fact.  That is a POLA, and it is also hard coding
POLICY into an executable.  Almost certainly any path mangling
done because it is chroot is going to break if I chroot it to
some place very different.

> 
> Also note that the local-unbound configuration is not meant to be
> user-serviceable.

That, again IMHO, is a rather SIC stance to take for a caching
DNS server, especially one as flexible as unbound.

> 
> DES
> -- 
> Dag-Erling Smørgrav - des@FreeBSD.org
> 
> 

-- 
Rod Grimes                                                 rgrimes@freebsd.org