My config is:
remote-control:
    control-enable: yes
    control-interface: /var/run/unbound.ctl
The socket is created, but then unbound can't properly change the owner to unbound:unbound.
Feb 21 13:08:21 linux-agent systemd[1]: Starting Unbound DNS server...
Feb 21 13:08:22 linux-agent unbound[6486]: [1519214902] unbound[6486:0] error: cannot chown 114.125 /var/run/unbound.ctl: Operation not permitted
If the AppArmor profile is changed to allow chown, it raises a second issue, which is that unbound can't properly set permissions on the socket:
Feb 21 13:10:37 linux-agent audit[6788]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/unbound" pid=6788 comm="unbound" capability=3 capname="fowner"
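An added example, not part of the original report: a small parser that collects the capabilities AppArmor denied per profile from audit lines like the one above and prints them as candidate `capability` rules to review before touching the profile. The first sample line is the denial quoted in the report; the other two are constructed for illustration.

```python
import re
from collections import defaultdict

# Line 1 is the denial quoted in the report; lines 2 and 3 are constructed samples.
SAMPLE_LOG = '''\
Feb 21 13:10:37 linux-agent audit[6788]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/unbound" pid=6788 comm="unbound" capability=3 capname="fowner"
Feb 21 13:08:22 linux-agent audit[6486]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/unbound" pid=6486 comm="unbound" capability=0 capname="chown"
Feb 21 13:10:38 linux-agent audit[6790]: AVC apparmor="ALLOWED" operation="capable" profile="/usr/sbin/other" pid=6790 comm="other" capability=1 capname="dac_override"
'''

# Matches key="quoted value" or key=bare_value pairs in an audit record.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_avc(line):
    """Return the key/value fields of an AppArmor audit line, or None."""
    if "apparmor=" not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def denied_capabilities(log_text):
    """Map profile name -> sorted capability names that AppArmor denied."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_avc(line)
        if not fields:
            continue
        # Only hard denials of capability checks; ALLOWED (complain mode) is skipped.
        if fields.get("apparmor") == "DENIED" and fields.get("operation") == "capable":
            capname = fields.get("capname")
            if capname:
                denied[fields.get("profile", "unknown")].add(capname)
    return {profile: sorted(caps) for profile, caps in denied.items()}


def profile_rules(capnames):
    """Render capability names as AppArmor profile rule lines."""
    return [f"capability {name}," for name in capnames]


if __name__ == "__main__":
    for profile, caps in denied_capabilities(SAMPLE_LOG).items():
        print(f"# denied for profile {profile}")
        for rule in profile_rules(caps):
            print(f"  {rule}")
```

Each listed capability widens what the confined daemon may do, so check every rule against what the service actually needs before adding it.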