[3/3] suricata.yaml: Fix Landlock path settings
Commit Message
Suricata will complain if it cannot read its own configuration file,
hence read-only access to /etc/suricata must be allowed. Since the list
applies to directories, rather than files, restricting read access to
only /usr/share/misc/magic.mgc is not possible; reading /usr/share/misc
must be allowed instead.
Fixes: #13645
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
config/suricata/suricata.yaml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
@@ -775,7 +775,8 @@ security:
# /usr and /etc folders are added to read list to allow
# file magic to be used.
read:
- - /usr/share/misc/magic.mgc
+ - /etc/suricata
+ - /usr/share/misc
- /usr/share/suricata
- /var/ipfire/suricata
- /var/lib/suricata
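Review bot: The comment directly above `read:` still says "/usr and /etc folders are added to read list to allow file magic to be used", which does not describe the two added entries. Per the commit message, /etc/suricata is there so Suricata can read its own configuration file, and /usr/share/misc is listed only because the read list takes directories and magic.mgc lives in that directory. Suggest updating the comment in this hunk to state both reasons, so that the directory-wide /usr/share/misc entry is not later narrowed back to the file path, and so that anyone auditing the sandbox can see why each path is readable.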