projects / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b64cf7b)
Configure landlock LSM security sandbox, but disabled by default
authorAndreas Dolp <dev@andreas-dolp.de>
Thu, 6 Nov 2025 16:36:49 +0000 (17:36 +0100)
committerAndreas Dolp <dev@andreas-dolp.de>
Thu, 6 Nov 2025 16:36:49 +0000 (17:36 +0100)
Forwarded: not-needed
Last-Update: 2025-09-21

Gbp-Pq: Name configure-landlock.patch

configure.ac patch | blob | history
suricata.yaml.in patch | blob | history

diff --git a/configure.ac b/configure.ac
index 77103e367b01dac1318d4fe103065397394a3670..08e34b8b6a497c7c49aa70f0efebed3b1555457c 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -2518,6 +2518,7 @@ else
     EXPAND_VARIABLE(datadir, e_datarulesdir, "/suricata/rules")
     EXPAND_VARIABLE(localstatedir, e_sghcachedir, "/lib/suricata/cache/sgh")
     EXPAND_VARIABLE(localstatedir, e_datadir, "/lib/suricata/data")
+    EXPAND_VARIABLE(localstatedir, e_libdir, "/lib/suricata")
     EXPAND_VARIABLE(localstatedir, e_defaultruledir, "/lib/suricata/rules")
 
     e_abs_srcdir=$(cd $srcdir && pwd)
@@ -2534,6 +2535,7 @@ AC_SUBST(e_sghcachedir)
 AC_DEFINE_UNQUOTED([SGH_CACHE_DIR],["$e_sghcachedir"],[Directory path for signature group head cache])
 AC_SUBST(e_datadir)
 AC_DEFINE_UNQUOTED([DATA_DIR],["$e_datadir"],[Our DATA_DIR])
+AC_SUBST(e_libdir)
 AC_SUBST(e_magic_file)
 AC_SUBST(e_magic_file_comment)
 AC_SUBST(e_enable_evelog)
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 737d06abb7404dad9eab5857bcc5d17bebe7956d..e9302351571127015d2f23ee4e747031ab939493 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1312,8 +1312,8 @@ security:
   landlock:
     enabled: no
     directories:
-      #write:
-      #  - @e_rundir@
+      write:
+        - @e_libdir@
       # /usr and /etc folders are added to read list to allow
       # file magic to be used.
       read:
Unnamed repository; edit this file 'description' to name the repository.