Feature #6936: landlock: enable by default - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #6936

open

landlock: enable by default

Added by Victor Julien about 1 month ago. Updated about 1 month ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

8.0.0-beta1

Effort:

Difficulty:

Label:

Description

Would like to see landlock be enabled by default where available. I think it could make sense for various parts of the engine to register the paths they indent to use (e.g. /var/run/suricata.socket) with the type of access they need.

It might make sense to allow runmodes or other parts of the engine to disable this. E.g. supporting DPDK seems tricky at this point, so perhaps it should create an exception while we figure out if/how it can be supported.

Related issues 2 (2 open — 0 closed)

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #6936

landlock: enable by default

Updated by Victor Julien about 1 month ago

Updated by Victor Julien about 1 month ago

Updated by Jason Ish about 1 month ago

	Related to Suricata - Bug #6933: dpdk: landlock support	New	OISF Dev				Actions
	Related to Suricata - Task #6952: ppa: run as a non-root user	Assigned	Peter Manev				Actions