On 9/24/19 3:20 PM, Stephane Bortzmeyer wrote:
> On Mon, Sep 23, 2019 at 11:20:29AM +0200,
>  Remi Gacogne <remi.gaco...@powerdns.com> wrote 
>  a message of 98 lines which said:
>> If you are using our systemd unit file, note that we do set
>> PrivateTmp=true for security reasons, meaning that you'll need to look
>> for the actual log file in
>> /tmp/systemd-private-*-dnsdist.service-*/dnsdist.log instead of
>> /tmp/dnsdist.log.
> OK, systemd killed me again. I forgot that (and indeed, the log is
> there). Thanks and sorry for the false alarm.

Thanks for confirming!

> I'm puzzled by the fact that /tmp/dnsdist.log is still created?

I initially suspected that the ExecStartPre command could be run with
some of the sandboxing options disabled, but the documentation states
otherwise and I observed the expected behavior.
In fact the file is not created by starting dnsdist with systemd. It is
created, however, if I run dnsdist in client mode (dnsdist -c) because
we do still parse the rules and actions in that mode, outside of
systemd's sandboxing. I think we will need to do a serious review of all
the rules and actions and their potential side effects.
Perhaps that might be the explanation of what you are seeing?

Thanks again for bringing this to our attention anyway!

Best regards,
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

Attachment: signature.asc
Description: OpenPGP digital signature

dnsdist mailing list

Reply via email to