disable chroot in the default config

With chroot enabled (the default):
– the auto trust anchor file /var/lib/unbound/root.key is not available
– unbound has no access to /dev/random for entropy source

I don't think those problems can be solved in an elegant way and don't
think there is a big risk running this without a chroot.

chroot can always be enabled in a custom configuration

diff --git a/unbound.spec b/unbound.spec
index 724c56cc01295bb8589e17f0f4f52a1469acdebd..df4bd9b125d1ecacf37ca58b7bd60aad163d16e7 100644 (file)
--- a/unbound.spec
+++ b/unbound.spec
@@ -117,6 +117,7 @@ Pythonowy interfejs do biblioteki unbound.
 %configure \
        %{?with_python:--with-pyunbound} \
        --with-pidfile=/run/%{name}.pid \
+       --with-chroot-dir="" \
        --with-conf-file=%{_sysconfdir}/%{name}/%{name}.conf \
        --with-rootkey-file=/var/lib/%{name}/root.key \
        --with-rootcert-file=%{_sysconfdir}/%{name}/icannbundle.pem