Comment # 1 on bug 982145 from 
FYI: This bug was brought to you by AppArmor ;-)  Yes, seriously - this started
on the upstream AppArmor mailinglist where we are testing an AppArmor profile
for unbound.

I found this bug after    Simon Deziel gave me a hint to try chroot, and after
I told him about this bugreport, he came up with a useful reply:

-----------------------------------------------------------------------------
We've been through something similar on Debian/Ubuntu. The solution was
to augment the init script to setup the chroot then pass the in-chroot
path of the config file to unbound-checkconf.

The Debian maintainer has written a helper script [1] to factor this out
of the init script. Adding a "check_config" action to it would probably
make it suitable for reuse in your systemd unit.

1:
https://anonscm.debian.org/cgit/pkg-dns/unbound.git/tree/debian/package-helper
-----------------------------------------------------------------------------

HTH ;-)

If you want to test the AppArmor profile, you can find it at
http://bazaar.launchpad.net/~apparmor-dev/apparmor-profiles/master/view/head:/ubuntu/16.10/usr.sbin.unbound
(copy it to /etc/apparmor.d and run "rcapparmor reload; rcunbound restart" to
enable it)

You are receiving this mail because: