Project

General

Profile

Actions
Copy link

Feature #6936

open

landlock: enable by default

Added by Victor Julien 7 months ago. Updated 7 months ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Would like to see landlock be enabled by default where available. I think it could make sense for various parts of the engine to register the paths they indent to use (e.g. /var/run/suricata.socket) with the type of access they need.

It might make sense to allow runmodes or other parts of the engine to disable this. E.g. supporting DPDK seems tricky at this point, so perhaps it should create an exception while we figure out if/how it can be supported.

Related issues 4 (4 open0 closed)

Related to Suricata - Bug #6933: dpdk: landlock supportNewOISF DevActions
Related to Suricata - Task #6952: ppa: run as a non-root userAssignedPeter ManevActions
Related to Suricata - Bug #5704: Filestore is not working if landlock is enabledIn ProgressEric LeblondActions
Blocks Suricata - Story #7160: deployment: improve secure deploymentNewVictor JulienActions
Actions
Copy link
 #1

Updated by Victor Julien 7 months ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Victor Julien 7 months ago

  • Related to Bug #6933: dpdk: landlock support added
Actions
Copy link
 #3

Updated by Jason Ish 7 months ago

  • Related to Task #6952: ppa: run as a non-root user added
Actions
Copy link
 #4

Updated by Victor Julien 4 months ago

  • Blocks Story #7160: deployment: improve secure deployment added
Actions
Copy link
 #5

Updated by Philippe Antoine 3 months ago

  • Related to Bug #5704: Filestore is not working if landlock is enabled added
Actions
Copy link

Also available in: Atom PDF