On 9/24/19 3:20 PM, Stephane Bortzmeyer wrote:
> On Mon, Sep 23, 2019 at 11:20:29AM +0200,
> Remi Gacogne <[email protected]> wrote
> a message of 98 lines which said:
>
>> If you are using our systemd unit file, note that we do set
>> PrivateTmp=true for security reasons, meaning that you'll need to look
>> for the actual log file in
>> /tmp/systemd-private-*-dnsdist.service-*/dnsdist.log instead of
>> /tmp/dnsdist.log.
>
> OK, systemd killed me again. I forgot that (and indeed, the log is
> there). Thanks and sorry for the false alarm.

Thanks for confirming!

> I'm puzzled by the fact that /tmp/dnsdist.log is still created?

I initially suspected that the ExecStartPre command could be run with
some of the sandboxing options disabled, but the documentation states
otherwise and I observed the expected behavior. In fact the file is not
created by starting dnsdist with systemd. It is created, however, if I
run dnsdist in client mode (dnsdist -c) because we do still parse the
rules and actions in that mode, outside of systemd's sandboxing. I think
we will need to do a serious review of all the rules and actions and
their potential side effects.

Perhaps that might be the explanation of what you are seeing?

Thanks again for bringing this to our attention anyway!

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
