Project

General

Profile

Actions
Copy link

Feature #6936

open

landlock: enable by default

Added by Victor Julien 18 days ago. Updated 18 days ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Would like to see landlock be enabled by default where available. I think it could make sense for various parts of the engine to register the paths they indent to use (e.g. /var/run/suricata.socket) with the type of access they need.

It might make sense to allow runmodes or other parts of the engine to disable this. E.g. supporting DPDK seems tricky at this point, so perhaps it should create an exception while we figure out if/how it can be supported.

Related issues 2 (2 open0 closed)

Related to Suricata - Bug #6933: dpdk: landlock supportNewOISF DevActions
Related to Suricata - Task #6952: ppa: run as a non-root userAssignedPeter ManevActions
Actions
Copy link
 #1

Updated by Victor Julien 18 days ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Victor Julien 18 days ago

  • Related to Bug #6933: dpdk: landlock support added
Actions
Copy link
 #3

Updated by Jason Ish 17 days ago

  • Related to Task #6952: ppa: run as a non-root user added
Actions
Copy link

Also available in: Atom PDF