From 2d5d392bc2b722ab9f52aeb624d42317a78288fb Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Wed, 17 Oct 2018 17:23:45 +0000 Subject: [PATCH] unbound: set up a full chroot including local log socket #2791 --- src/etc/inc/plugins.inc.d/unbound.inc | 12 ++++++++++++ src/etc/inc/system.inc | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/etc/inc/plugins.inc.d/unbound.inc b/src/etc/inc/plugins.inc.d/unbound.inc index 9a3a18589..a15809375 100644 --- a/src/etc/inc/plugins.inc.d/unbound.inc +++ b/src/etc/inc/plugins.inc.d/unbound.inc @@ -418,6 +418,18 @@ function unbound_configure_do($verbose = false, $interface = '') return; } + $dirs = array('/dev', '/etc', '/lib', '/run', '/usr', '/usr/local/sbin', '/var/db', '/var/run'); + + foreach ($dirs as $dir) { + mwexecf('/bin/mkdir -p %s', "/var/unbound{$dir}"); + } + + if (mwexecf('/sbin/mount -uw %s', '/var/unbound/dev', true)) { + mwexecf('/sbin/mount -t devfs devfs %s', '/var/unbound/dev'); + } + + mwexecf('/usr/sbin/chown -R unbound:unbound %s', '/var/unbound'); + if ($verbose) { echo 'Starting Unbound DNS...'; flush(); diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index eb3fa39bc..594525092 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -693,7 +693,7 @@ function system_syslogd_start($verbose = false, $restart = false) $syslogconfs['pkg'] = array('facility' => array('pkg', 'pkg-static')); $syslogconfs['portalauth'] = array('facility' => array('captiveportal'), 'remote' => 'portalauth'); $syslogconfs['ppps'] = array('facility' => array('ppp')); - $syslogconfs['resolver'] = array('facility' => array('unbound'), 'remote' => 'dns'); + $syslogconfs['resolver'] = array('facility' => array('unbound'), 'local' => '/var/unbound/var/run/log', 'remote' => 'dns'); $syslogconfs['routing'] = array('facility' => array('radvd', 'routed', 'rtsold', 'olsrd', 'zebra', 'ospfd', 'bgpd', 'miniupnpd')); $syslogconfs['wireless'] = array('facility' => array('hostapd'), 'remote' => 'hostapd');