Maintained by: NLnet Labs

[Unbound-users] Unbound crashes after unbound-control reload

Paul Wouters
Tue Dec 23 17:56:01 CET 2008


On Tue, 23 Dec 2008, Ray.Bellis at nominet.org.uk wrote:

> > That's why I've switched unbound in fedora to depend on SElinux, and got
> > rid of the entire chroot. (Still needs to propagate to EPEL and Fedora
> > releases)
> 
> Paul, is that just for you, or as an "official" maintainer of the package 
> for Fedora?

It is currently only in rawhide, but the idea is to migrate it to the other
releases as well.

> If the latter, then that would prevent me from running Unbound as I don't 
> have (or want) SELinux on my home machine.

>From a distribution point of view, it makes no sense to keep small chroot
copies of the OS itself for various kinds of applications. Named I believe
laready lost its chroot as well.

There were various problems with the chroot. For one, there is the issue of
updated DNSSEC keys (via dnssec-keys and autotrust). Then there is the issue
of package updates and the --bind mounts not getting unmounted in time for
the package to do an update without causing problems in the scriptlets.

And last, with the coming of instant cheap VM's for a single purpose (eg
nameserver) the concept of chroot's is becoming rather useless. The only
value content of a VM running a nameserver is within the chroot itself.

I can see about adding an option for chroot building in the spec file, and
having it disabled per default, so you only need to rpmbuild the source rpm
with a --define 'use-chroot=yes' but I'd still prefer to just completely get
rid of it.

Paul