Bug #361

closed

AF_PACKET fails to initialize when running with limited privileges

Added by Doug Burks over 12 years ago. Updated over 12 years ago.

Status: Closed
Priority: High

Description

If I run Suricata with AF_PACKET as shown below, everything is fine:
suricata -c /etc/suricata/suricata.yaml --af-packet=eth0

However, if I tell Suricata to drop to a non-root user like this:
suricata --user sguil --group sguil -c /etc/suricata/suricata.yaml --af-packet=eth0

it drops the capabilities and then AF_PACKET fails to initialize.

Should Suricata initialize AF_PACKET first, and then drop capabilities?
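
The ordering the report asks about, as an added example that is not Suricata's code or part of the original report: on Linux, creating an AF_PACKET socket requires CAP_NET_RAW, so the socket is opened first and privileges are dropped afterwards, and the already-open descriptor stays valid. It assumes a simplified setuid-based drop rather than Suricata's own capability handling; the helper names and the uid/gid 65534 are hypothetical placeholders.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <linux/if_ether.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if the CapEff mask in /proc/<pid>/status text has CAP_NET_RAW (bit 13). */
int has_cap_net_raw(const char *status)
{
    const char *p = strstr(status, "CapEff:");
    return p ? (int)((strtoull(p + 7, NULL, 16) >> 13) & 1) : 0;
}

/* Same check against the calling process itself. */
int self_has_cap_net_raw(void)
{
    char buf[4096] = {0};
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    return n ? has_cap_net_raw(buf) : 0;
}

/* Open a raw packet socket; returns the fd, or -errno on failure. */
int open_packet_socket(void)
{
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    return fd >= 0 ? fd : -errno;
}

/* Simplified full drop: supplementary groups, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid)
{
    return (setgroups(0, NULL) || setgid(gid) || setuid(uid)) ? -errno : 0;
}

int main(void)
{
    int early = open_packet_socket();   /* while CAP_NET_RAW is still held */
    if (early < 0 || drop_privileges(65534, 65534)) return 1; /* placeholder uid/gid */
    int late = open_packet_socket();    /* expected to fail with EPERM */
    printf("CAP_NET_RAW after drop: %d\n", self_has_cap_net_raw());
    printf("early fd %d kept; open after drop: %s\n", early, late < 0 ? strerror(-late) : "ok");
    return 0;
}
```

Run as root, the program keeps the descriptor opened before the drop while the second open is refused; `has_cap_net_raw` can also be fed the status text of a running sensor process to confirm what it retained.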

