Actions
Feature #6936
openlandlock: enable by default
Effort:
Difficulty:
Label:
Description
Would like to see landlock be enabled by default where available. I think it could make sense for various parts of the engine to register the paths they indent to use (e.g. /var/run/suricata.socket) with the type of access they need.
It might make sense to allow runmodes or other parts of the engine to disable this. E.g. supporting DPDK seems tricky at this point, so perhaps it should create an exception while we figure out if/how it can be supported.
Updated by Victor Julien about 1 year ago
- Related to Bug #6933: dpdk: landlock support added
Updated by Jason Ish about 1 year ago
- Related to Task #6952: ppa: run as a non-root user added
Updated by Victor Julien 11 months ago
- Blocks Story #7160: deployment: improve secure deployment added
Updated by Philippe Antoine 10 months ago
- Related to Bug #5704: Filestore is not working if landlock is enabled added
Updated by Victor Julien about 2 months ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Updated by Victor Julien 12 days ago
- Priority changed from High to Normal
- Target version changed from 8.0.0-rc1 to 9.0.0-beta1
For 8.0.0 will stick to improving docs.
Actions