unbound-checkconf: fatal error: config file is not inside chroot

Florian Obser florian at openbsd.org
Tue Oct 30 14:12:33 UTC 2018


Hi,

Configuration management systems seem to place files they manage into
some temp directory, run a validation command and then move the config
file into the final destination. (I tried salt stack's "check_cmd" and
ansible's "validate" option.)

This does not play well with unbound-checkconf since it complains if
the config file is not placed inside the chroot. I note that
nsd-checkconf does not have this restriction.

Maybe this can be removed from unbound-checkconf as well?

Something like this:

diff --git smallapp/unbound-checkconf.c smallapp/unbound-checkconf.c
index ea46479172c..255ffa4cda8 100644
--- smallapp/unbound-checkconf.c
+++ smallapp/unbound-checkconf.c
@@ -463,19 +463,6 @@ morechecks(struct config_file* cfg, const char* fname)
 		!is_dir(cfg->chrootdir)) {
 		fatal_exit("bad chroot directory");
 	}
-	if(cfg->chrootdir && cfg->chrootdir[0]) {
-		char buf[10240];
-		buf[0] = 0;
-		if(fname[0] != '/') {
-			if(getcwd(buf, sizeof(buf)) == NULL)
-				fatal_exit("getcwd: %s", strerror(errno));
-			(void)strlcat(buf, "/", sizeof(buf));
-		}
-		(void)strlcat(buf, fname, sizeof(buf));
-		if(strncmp(buf, cfg->chrootdir, strlen(cfg->chrootdir)) != 0)
-			fatal_exit("config file %s is not inside chroot %s",
-				buf, cfg->chrootdir);
-	}
 	if(cfg->directory && cfg->directory[0]) {
 		char* ad = fname_after_chroot(cfg->directory, cfg, 0);
 		if(!ad) fatal_exit("out of memory");
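
Review bot: deleting the whole if(cfg->chrootdir && cfg->chrootdir[0]) block drops the check for every invocation, not only for the temp-directory validation case, so a config file that really is installed outside the chroot now passes unbound-checkconf without any message. Consider keeping the comparison and making it non-fatal (a warning in place of fatal_exit), or skipping it only when requested through a command-line option, and describe the changed behaviour in the unbound-checkconf documentation. If the block survives in any form, note that the strncmp() prefix test has no path-separator boundary, so a file under a sibling directory whose name merely begins with the chroot path is treated as inside the chroot, and the ignored strlcat() return values mean a truncated path is compared without notice.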




-- 
I'm not entirely sure you are real.



More information about the Unbound-users mailing list