On Tue, Dec 16, 2014 at 10:30:21AM +0100, Antoine Jacoutot wrote:
> > > may just a naive question..
> > > but did you sudo vipw
> > > and put unbound class for unbound user?
> >
> > That's not neccesary anymore these days, I believe. The rc.d subsystem
> > takes case of setting the proper class, if available. At least it
>
> That's correct.
>
> > does not document setting the login class in the pwd db is needed.
>
> Because it's not :-)
>
> --
> Antoine
Well, there's more to it than that.
unbound has code to set it's own rlimits. It uses setusercontext()
with the class of the _unbound user. So the class of the unbound user
*does* matter.
If I set the class of the _unbound user and both cur and max things
seem to work:
unbound:\
:openfiles=2048:\
:tc=daemon:
Just setting cur does not work, since it then tries to set a cur
higher than max and you'll get an error:
unbound: unbound: setting resource limit openfiles: Invalid argument
in the daemon log.
-Otto
