From 9cd3ce7f5fa5dc645fc74c4d0b709220f4ccb505 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Wed, 5 Jul 2023 17:45:36 +0200
Subject: [PATCH] Services: Unbound DNS - move unbound-blocklists.conf to configuration location. As configd will inherit the parents access rights, /tmp will be world writable. Moving this file to unbound's etc location will prevent this from happening. cc @swhite2
---
 src/opnsense/scripts/unbound/blocklists/default_bl.py | 2 +-
 src/opnsense/service/templates/OPNsense/Unbound/core/+TARGETS | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/opnsense/scripts/unbound/blocklists/default_bl.py b/src/opnsense/scripts/unbound/blocklists/default_bl.py
index 31a677153..333172aa2 100755
--- a/src/opnsense/scripts/unbound/blocklists/default_bl.py
+++ b/src/opnsense/scripts/unbound/blocklists/default_bl.py
@@ -35,7 +35,7 @@ from . import BaseBlocklistHandler
 class DefaultBlocklistHandler(BaseBlocklistHandler):
 def __init__(self):
- super().__init__('/tmp/unbound-blocklists.conf')
+ super().__init__('/usr/local/etc/unbound/unbound-blocklists.conf')
 self.priority = 100
 self._whitelist_pattern = self._get_excludes()
diff --git a/src/opnsense/service/templates/OPNsense/Unbound/core/+TARGETS b/src/opnsense/service/templates/OPNsense/Unbound/core/+TARGETS
index df69a1362..41780c02c 100644
--- a/src/opnsense/service/templates/OPNsense/Unbound/core/+TARGETS
+++ b/src/opnsense/service/templates/OPNsense/Unbound/core/+TARGETS
@@ -1,6 +1,6 @@
 access_lists.conf:/usr/local/etc/unbound.opnsense.d/access_lists.conf
 advanced.conf:/var/unbound/advanced.conf
-blocklists.conf:/tmp/unbound-blocklists.conf
+blocklists.conf:/usr/local/etc/unbound/unbound-blocklists.conf
 safesearch.conf:/usr/local/etc/unbound.opnsense.d/safesearch.conf
 dot.conf:/usr/local/etc/unbound.opnsense.d/dot.conf
 private_domains.conf:/var/unbound/private_domains.conf
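Review bot: The new path `'/usr/local/etc/unbound/unbound-blocklists.conf'` in `DefaultBlocklistHandler.__init__` is a bare literal that has to stay identical to the `blocklists.conf` target in `Unbound/core/+TARGETS`, and nothing in the code records that link or why the file left `/tmp`. I would add a comment above the `super().__init__` call, for example `# keep in sync with blocklists.conf in Unbound/core/+TARGETS; not under /tmp, which is world writable`. That keeps a later cleanup from moving the file back to a temporary directory or from changing only one of the two places. The rest of the class lies outside the hunk, so other uses of the old path cannot be ruled out from here.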
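Review bot: The protection this target change gives rests on `/usr/local/etc/unbound/` existing and being writable only by root, which the visible lines neither create nor check. The sibling entries write to `/usr/local/etc/unbound.opnsense.d/` or `/var/unbound/`, so this is a third directory; if that is deliberate, the commit message or the template documentation should say so. On an upgraded system an old `/tmp/unbound-blocklists.conf` may also remain until `/tmp` is cleaned, and as far as this patch shows nothing removes it. A cleanup step along the lines of `rm -f /tmp/unbound-blocklists.conf` in the upgrade path would close that out.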