Bug 1244 - Use of chroot requires trust anchor file to be under chroot
Use of chroot requires trust anchor file to be under chroot
Product: unbound
Classification: Unclassified
Component: server
x86_64 Linux
: P5 normal
Assigned To: unbound team
Depends on:
  Show dependency treegraph
Reported: 2017-04-04 15:36 CEST by rudolph+nlnlbugs
Modified: 2017-04-04 15:40 CEST (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description rudolph+nlnlbugs 2017-04-04 15:36:52 CEST
This wasn't clear/mentioned in the documentation, but it seems that due to when chrooting happens vs opening/use of the (auto-)trust-anchor-file, that file needs to be under the chroot for the server to start up correctly. The error message one gets if this is not the case is a little confusing - a generic "unable to open" even though permissions and ownership seem fine.

I think this should at least be mentioned in the documentation as it may save some users a few minutes of debugging.

Comment 1 Wouter Wijngaards 2017-04-04 15:40:09 CEST
Hi Rudolph,

Yes, I added text to unbound.conf man page for that.

I believe unbound-checkconf also checks for this condition.

Best regards, Wouter