lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-13 08:09:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Services: Unbound DNS - move unbound-blocklists.conf to configuration location. As configd will inherit the parents access rights, /tmp will be world writable. Moving this file to unbound's etc location will prevent this from happening. cc @swhite2

Browse Source
This commit is contained in:
Ad Schellevis 2023-07-05 17:45:36 +02:00
parent 4b7a1ce85b
commit 9cd3ce7f5f
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/opnsense/scripts/unbound/blocklists/default_bl.py
View File

@ -35,7 +35,7 @@ from . import BaseBlocklistHandler
class DefaultBlocklistHandler(BaseBlocklistHandler):
def __init__(self):
super().__init__('/tmp/unbound-blocklists.conf')
super().__init__('/usr/local/etc/unbound/unbound-blocklists.conf')
self.priority = 100
self._whitelist_pattern = self._get_excludes()

2
src/opnsense/service/templates/OPNsense/Unbound/core/+TARGETS
View File

@ -1,6 +1,6 @@
access_lists.conf:/usr/local/etc/unbound.opnsense.d/access_lists.conf
advanced.conf:/var/unbound/advanced.conf
blocklists.conf:/tmp/unbound-blocklists.conf
blocklists.conf:/usr/local/etc/unbound/unbound-blocklists.conf
safesearch.conf:/usr/local/etc/unbound.opnsense.d/safesearch.conf
dot.conf:/usr/local/etc/unbound.opnsense.d/dot.conf
private_domains.conf:/var/unbound/private_domains.conf