Hi,

I would like to chime in here and second the request of exposing the systemd notify socket inside the chroot.

However, I believe the patch is not fully correct. With the proposed patch, mounting of the notify socket is done under the condition that $CHROOT_DIR and $UNBOUND_BASE_DIR are *not* equal. This means that the socket will not be mounted if you define chroot: /etc/unbound in your unbound configuration. So, mounting of the notify socket should be moved outside of the existing if clause and moved into a separate "if [ -d "$CHROOT_DIR" ]; then" clause.

This is not the only issue with the current package-helper and chroot environments though. The chroot should also contain /dev/random as the documentation emphasizes and the AppArmor profile is missing the capability sys_chroot. I will submit separate bug reports for those two issues.

Thanks,
Timo