Package: unbound
Version: 1.22.0-2+deb13u1
Severity: normal
X-Debbugs-Cc: [email protected]
Hello,
when enabling ip-transparent, unbound emits a warning
unbound[1327:0] warning: setsockopt(.. IP_TRANSPARENT ..) failed:
Operation not permitted
(and doesn't use the socket option).
This is fixed by doing:
echo capability net_admin, > /etc/apparmor.d/local/usr.sbin.unbound
.
Would be nice if that would work with the default apparmor profile, or
at least be documented.
(I need ip-transparent because unbound is started before networkd
configured the network interface that unbound should serve.)
Best regards
Uwe
-- System Information:
Debian Release: 13.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: armhf (armv7l)
Kernel: Linux 6.12.57+deb13-armmp (SMP w/2 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages unbound depends on:
ii adduser 3.152
ii init-system-helpers 1.69~deb13u1
ii libc6 2.41-12
ii libevent-2.1-7t64 2.1.12-stable-10+b1
ii libhiredis1.1.0 1.2.0-6+b3
ii libnghttp2-14 1.64.0-1.1
ii libprotobuf-c1 1.5.1-1
ii libpython3.13 3.13.5-2
ii libssl3t64 3.5.4-1~deb13u1
ii libsystemd0 257.9-1~deb13u1
Versions of packages unbound recommends:
ii dns-root-data 2025080400~deb13u1
Versions of packages unbound suggests:
ii apparmor 4.1.0-1
ii openssl 3.5.4-1~deb13u1
-- no debconf information
