upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-02 12:59:36 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add AF_NETLINK to set of allowed socket address families

Browse source 
contrib/unbound{,_portable}.service.in:
With the changes introduced in f6a527c25a
it is now necessary to also allow access to the AF_NETLINK socket
address family to be able to get information from interfaces.

Without the AF_NETLINK address family the systemd service errors with:

```
error: failed to list interfaces: getifaddrs: Address family not
supported by protocol
```

Fixes #350
This commit is contained in:
David Runge 2020-11-21 14:10:39 +01:00
parent b891fe113c
commit c48f01445e
No known key found for this signature in database
GPG key ID: 54C28F4FF5A1A949
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
contrib/unbound.service.in
View file

@ -66,7 +66,7 @@ ProtectSystem=strict
RuntimeDirectory=unbound
ConfigurationDirectory=unbound
StateDirectory=unbound
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictRealtime=true
SystemCallArchitectures=native
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources

2
contrib/unbound_portable.service.in
View file

@ -38,7 +38,7 @@ ProtectSystem=strict
RuntimeDirectory=unbound
ConfigurationDirectory=unbound
StateDirectory=unbound
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictRealtime=true
SystemCallArchitectures=native
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources