With chroot enabled (the default):
– the auto trust anchor file /var/lib/unbound/root.key is not available
– unbound has no access to /dev/random for entropy source
I don't think those problems can be solved in an elegant way and don't
think there is a big risk running this without a chroot.
chroot can always be enabled in a custom configuration
%configure \
%{?with_python:--with-pyunbound} \
--with-pidfile=/run/%{name}.pid \
+ --with-chroot-dir="" \
--with-conf-file=%{_sysconfdir}/%{name}/%{name}.conf \
--with-rootkey-file=/var/lib/%{name}/root.key \
--with-rootcert-file=%{_sysconfdir}/%{name}/icannbundle.pem