unbound services potentially modifies wrong directory
Since 2f801fed unbound has the following checkpath
invocation in the start_pre
function:
local i; for i in $(/usr/sbin/unbound-checkconf -o control-interface "$cfgfile"); do
case "$i" in
*/*) test -d "$i" || checkpath -d -m 750 -o unbound:unbound "$(dirname "$i")" || return 1
esac
done
This breaks if the unbound control interface isn't set to a subdirectory of /var/run
or /run
. If the unbound control interface is /run/unbound/unbound.sock
(the new default) everything works as expected since it modifies the owner and group of the /run/unbound
directory. If the unbound control socket is set to /var/run/unbound.sock
it attempts to modify the owner and group of /var/run
(dirname of /var/run/unbound.sock
) which is not desirable.