webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

suricata.yaml: Fix Landlock path settings

Browse Source 
Suricata will complain if it cannot read its own configuration file,
hence read-only access to /etc/suricata must be allowed. Since the list
applies to directories, rather than files, restricting read access to
only /usr/share/misc/magic.mgc is not possible; reading /usr/share/misc
must be allowed instead.

Fixes: #13645
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This commit is contained in:
Peter Müller
2024-04-22 16:44:00 +00:00
committed by Arne Fitzenreiter
parent 3358151c85
commit 464b2117ea
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/suricata/suricata.yaml
View File

@@ -775,7 +775,8 @@ security:
# /usr and /etc folders are added to read list to allow
# file magic to be used.
read:
- /usr/share/misc/magic.mgc
- /etc/suricata
- /usr/share/misc
- /usr/share/suricata
- /var/ipfire/suricata
- /var/lib/suricata