On Tue, 3 Nov 2020 14:55:40 -0500
Mason Loring Bliss <mason@???> wrote:
> On Tue, Nov 03, 2020 at 12:24:35PM +0900, Simon Walter wrote:
> But yes. I'd found an issue where Unbound wasn't obeying service
> management in Devuan, and then that spiraled out into it being
> CVE-worthy. But for our purposes, unbound changes ownership if its
> PIDfile,
PIDfiles are not the right way to communicate with daemons. So all that
need be done is to install daemontools-encore, runit or s6, and start
Unbound from daemontools-encore, runit, or s6. Once you do that once,
you can start shifting more and more daemons to the superior method of
exec-based supervision rather than PIDfiles.
SteveT
Steve Litt
Autumn 2020 featured book: Thriving in Tough Times
http://www.troubleshooters.com/thrive