Hi Florian,

On 10/30/18 3:12 PM, Florian Obser via Unbound-users wrote:
> Hi,
> 
> Configuration management systems seem to place files they manage into
> some temp directory, run a validation command and then move the config
> file into the final destination. (I tried salt stack's "check_cmd" and
> ansible's "validate" option.)
> 
> This does not play well with unbound-checkconf since it complains if
> the config file is not placed inside the chroot. I note that
> nsd-checkconf does not have this restriction.

Sure, removed that check.  Thanks for the mention.

Best regards, Wouter

> 
> Maybe this can be removed from unbound-checkconf as well?
> 
> Something like this:
> 
> diff --git smallapp/unbound-checkconf.c smallapp/unbound-checkconf.c
> index ea46479172c..255ffa4cda8 100644
> --- smallapp/unbound-checkconf.c
> +++ smallapp/unbound-checkconf.c
> @@ -463,19 +463,6 @@ morechecks(struct config_file* cfg, const char* fname)
>               !is_dir(cfg->chrootdir)) {
>               fatal_exit("bad chroot directory");
>       }
> -     if(cfg->chrootdir && cfg->chrootdir[0]) {
> -             char buf[10240];
> -             buf[0] = 0;
> -             if(fname[0] != '/') {
> -                     if(getcwd(buf, sizeof(buf)) == NULL)
> -                             fatal_exit("getcwd: %s", strerror(errno));
> -                     (void)strlcat(buf, "/", sizeof(buf));
> -             }
> -             (void)strlcat(buf, fname, sizeof(buf));
> -             if(strncmp(buf, cfg->chrootdir, strlen(cfg->chrootdir)) != 0)
> -                     fatal_exit("config file %s is not inside chroot %s",
> -                             buf, cfg->chrootdir);
> -     }
>       if(cfg->directory && cfg->directory[0]) {
>               char* ad = fname_after_chroot(cfg->directory, cfg, 0);
>               if(!ad) fatal_exit("out of memory");
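
Review bot: deleting the `config file %s is not inside chroot %s` block outright also drops the diagnostic for a config file that ends up installed outside the chroot, not just for one staged in a temp directory. Consider keeping it as a non-fatal warning, or noting the behaviour change in the unbound-checkconf documentation. The removed test was not a reliable boundary in any case: `strncmp(buf, cfg->chrootdir, strlen(cfg->chrootdir))` is a plain prefix comparison with no path-separator check and no symlink resolution, so a sibling directory whose name merely starts with the chroot path already passed it.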
