Project

General

Profile

Actions
Copy link

Feature #6936

open

landlock: enable by default

Added by Victor Julien about 1 year ago. Updated about 1 month ago.

Status:
New
Priority:
High
Assignee:
OISF Dev
Target version:
8.0.0-rc1
Effort:
Difficulty:
Label:

Description

Would like to see landlock be enabled by default where available. I think it could make sense for various parts of the engine to register the paths they indent to use (e.g. /var/run/suricata.socket) with the type of access they need.

It might make sense to allow runmodes or other parts of the engine to disable this. E.g. supporting DPDK seems tricky at this point, so perhaps it should create an exception while we figure out if/how it can be supported.

Related issues 4 (4 open0 closed)

Related to Suricata - Bug #6933: dpdk: landlock supportNewOISF DevActions
Related to Suricata - Task #6952: ppa: run as a non-root userIn ProgressPeter ManevActions
Related to Suricata - Bug #5704: Filestore is not working if landlock is enabledIn ProgressEric LeblondActions
Blocks Suricata - Story #7160: deployment: improve secure deploymentNewVictor JulienActions
Actions
Copy link
 #1

Updated by Victor Julien about 1 year ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Victor Julien about 1 year ago

  • Related to Bug #6933: dpdk: landlock support added
Actions
Copy link
 #3

Updated by Jason Ish about 1 year ago

  • Related to Task #6952: ppa: run as a non-root user added
Actions
Copy link
 #4

Updated by Victor Julien 10 months ago

  • Blocks Story #7160: deployment: improve secure deployment added
Actions
Copy link
 #5

Updated by Philippe Antoine 9 months ago

  • Related to Bug #5704: Filestore is not working if landlock is enabled added
Actions
Copy link
 #6

Updated by Victor Julien 4 months ago

  • Priority changed from Normal to High
Actions
Copy link
 #7

Updated by Victor Julien about 1 month ago

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Actions
Copy link

Also available in: Atom PDF