Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Update unbound.service.in #149
I'm trying to use (and deploy) unbound as a portable service. With the provided .service file, it seems very difficult, mostly because it puts everything under a
I also added an
These changes also require
I'm trying to use (and deploy) unbound as a portable service. With the provided .service file, it seems very difficult, mostly because it puts everything under a `chroot` directory. The chroot thing seems a bit cumbersome though since we are using systemd to harden the environment unbound will run in. So, here are a few changes I suggest to make things a bit more "standard" (IMHO). The changes are mostly inspired by what is provided by systemd in /usr/lib/systemd/portable/profile/default/service.conf. I also added an `ExecStop=` directive because why not :) The removed `ReadWritePaths=`, `TemporaryFileSystem=`, `BindReadOnlyPaths=` and `BindPaths=` directives have been replaced by `ConfigurationDirectory=` and `RuntimeDirectory=` which makes things clearer IMHO. Some of them were also already implied by `ProtectSystem=strict`. I'll be happy to give some more precisions if needed. These changes also require `chroot: ""` and `pidfile: /run/unbound/unbound.pid` but that might be something for the packagers to take care of when compiling (depending on the use of systemd in the distro ?) ?
Create a new file contrib/unbound_nochroot.service.in and copy your changes in there, leave the unbound.service.in unmodified. Then apply this change to configure.ac and that should make it work.
This diff adds