Hi,

I would like to chime in here and second the request of exposing the systemd 
notify socket inside the chroot.

However, I believe the patch is not fully correct. With the proposed patch, 
mounting of the notify socket is done under the condition that $CHROOT_DIR and 
$UNBOUND_BASE_DIR are *not* equal. This means that the socket will not be 
mounted if you define
  chroot: /etc/unbound
in your unbound configuration. So, mounting of the notify socket should be 
moved outside of the existing if clause and moved into a separate "if [ -d 
"$CHROOT_DIR" ]; then" clause.

This is not the only issue with the current package-helper and chroot 
environments though. The chroot should also contain /dev/random as the 
documentation emphasizes and the apparmor profile is missing the capability 
sys_chroot. I will submit separate bug reports for those two issues.

Thanks,

Timo
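
The condition discussed in the message above, as an added dry-run example; it is not code from the message, the proposed patch, or the unbound package helper. The function names, the `/run/systemd/notify` path and the bind-mount form are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not the Debian package-helper itself.
# Function names and the socket path below are assumptions.

NOTIFY_SOCKET_PATH=/run/systemd/notify

# Placement described for the proposed patch: nested in the branch guarded by
# CHROOT_DIR != UNBOUND_BASE_DIR, so both tests must pass.
wants_mount_nested() {
    [ -d "$1" ] && [ "$1" != "$2" ]
}

# Placement suggested in the message: its own clause, directory test only.
wants_mount_separate() {
    [ -d "$1" ]
}

# Print the bind mount a helper would run (dry run, nothing is mounted).
# Returns 1 when the chosen placement skips the mount.
plan_notify_mount() {
    placement=$1 chroot_dir=$2 base_dir=$3
    case $placement in
        nested)   wants_mount_nested "$chroot_dir" "$base_dir" || return 1 ;;
        separate) wants_mount_separate "$chroot_dir" || return 1 ;;
        *)        return 2 ;;
    esac
    printf 'mount --bind %s %s%s\n' \
        "$NOTIFY_SOCKET_PATH" "${chroot_dir%/}" "$NOTIFY_SOCKET_PATH"
}

# Constructed demo: a temp directory stands in for /etc/unbound used as both
# base directory and chroot, the case from the message.
demo() {
    dir=$(mktemp -d) || return 1
    for placement in nested separate; do
        if out=$(plan_notify_mount "$placement" "$dir" "$dir"); then
            echo "$placement: $out"
        else
            echo "$placement: notify socket not mounted"
        fi
    done
    rmdir "$dir"
}

demo
```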
