From cfce0a5e60cbe4c11a52b6b084265dae437b05ec Mon Sep 17 00:00:00 2001
From: Maryse47 <41080948+Maryse47@users.noreply.github.com>
Date: Mon, 27 Jan 2020 13:46:31 +0100
Subject: [PATCH] unbound.service.in: add StateDirectory

State directory will be created under /var/lib/unbound and will be useful for writing various files managed at runtime like trust anchors updates there instead of in ConfigureDirectory which could be made read-only next. For this chroot needs to be disabled.
---
 contrib/unbound.service.in | 1 +
 contrib/unbound_portable.service.in | 1 +
 2 files changed, 2 insertions(+)

diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in
index d0e294213..b1211a4be 100644
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -65,6 +65,7 @@ ProtectKernelModules=true
 ProtectSystem=strict
 RuntimeDirectory=unbound
 ConfigurationDirectory=unbound
+StateDirectory=unbound
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictRealtime=true
 SystemCallArchitectures=native
diff --git a/contrib/unbound_portable.service.in b/contrib/unbound_portable.service.in
index 53dc8701b..cbfc58f99 100644
--- a/contrib/unbound_portable.service.in
+++ b/contrib/unbound_portable.service.in
@@ -39,6 +39,7 @@ ProtectKernelModules=true
 ProtectSystem=strict
 RuntimeDirectory=unbound
 ConfigurationDirectory=unbound
+StateDirectory=unbound
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictRealtime=true
 SystemCallArchitectures=native
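Review bot: The added `StateDirectory=unbound` line in contrib/unbound.service.in (and the identical line in contrib/unbound_portable.service.in) carries no comment, so the constraint from the commit message, that it only works with chroot disabled, is not recorded in the unit itself. A comment above the line such as `# State lives in /var/lib/unbound (e.g. trust anchor updates); requires chroot: "" in unbound.conf` would keep that visible to packagers. systemd creates the directory owned by the unit's `User=`/`Group=`, and those settings are not visible in this hunk. If the unit starts as root and unbound drops privileges itself, the directory would presumably be root-owned and the daemon unable to write to it, which is worth confirming. The [Service] section continues outside both hunks.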