Package: unbound
Version: 1.9.0-2
Severity: normal
Tags: patch
With the introduction of a safety check around the use of --pidfile in
start-stop-daemon (the best summary of which I've found is in
https://bugs.debian.org/921557), the unbound init script's use of
start-stop-daemon in the 'reload' action is now reporting an error:
# service unbound reload
[....] Reloading DNS server: unboundstart-stop-daemon: matching only on
non-root pidfile /run/unbound.pid is insecure
failed!
The other actions all appear to be correct, because they include --name
$NAME, which makes start-stop-daemon happy; it's only the reload action
which has the difficulty.
The attached patch fixes the problem nicely for me.
diff -ur a/debian/unbound.init b/debian/unbound.init
--- a/debian/unbound.init 2019-10-02 18:42:43.964310133 +1000
+++ b/debian/unbound.init 2019-10-02 18:43:01.316838940 +1000
@@ -65,7 +65,7 @@
reload)
log_daemon_msg "Reloading $DESC" "$NAME"
- if start-stop-daemon --stop --pidfile $PIDFILE --signal 1; then
+ if start-stop-daemon --stop --pidfile $PIDFILE --name $NAME --signal
1; then
$HELPER chroot_setup
log_end_msg 0
else
