From f50995b5e688b7620b4341ad8d963506d34dc4e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20S=C3=A4nger?= <thomas@gecko.space>
Date: Sat, 19 Jan 2019 20:52:59 +0100
Subject: [PATCH 1/2] unbound: drop privileges after binding to port

---
 services/unbound/unbound.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/unbound/unbound.conf b/services/unbound/unbound.conf
index d54cbfbc..8abd4325 100644
--- a/services/unbound/unbound.conf
+++ b/services/unbound/unbound.conf
@@ -10,7 +10,7 @@ server:
   do-daemonize: no
   access-control: {{ SUBNET }} allow
   directory: "/etc/unbound"
-  username: root
+  username: unbound
   auto-trust-anchor-file: trusted-key.key
   root-hints: "/etc/unbound/root.hints"
   hide-identity: yes

From bb5852cc1ca639b06384e79340c18efe318fc1fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20S=C3=A4nger?= <thomas@gecko.space>
Date: Sat, 19 Jan 2019 20:56:33 +0100
Subject: [PATCH 2/2] add unbound priv-drop to changelog

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ef773a2..c50806f5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,10 @@ Notable changes to this project are documented in the current file. For more
 details about individual changes, see the Git log. You should read this before
 upgrading Freposte.io as some changes will include useful notes.
 
+v1.6.1 - unreleased
+-------------------
+- Enhancement: Make Unbound drop privileges after binding to port
+
 v1.6.0 - 2019-01-18
 -------------------