git.ipfire.org Git - ipfire-2.x.git/commitdiff
suricata.yaml: Fix Landlock path settings
author Peter Müller <peter.mueller@ipfire.org>
Mon, 22 Apr 2024 16:44:00 +0000 (16:44 +0000)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Mon, 29 Apr 2024 12:45:19 +0000 (12:45 +0000)
Suricata will complain if it cannot read its own configuration file,
hence read-only access to /etc/suricata must be allowed. Since the list
applies to directories, rather than files, restricting read access to
only /usr/share/misc/magic.mgc is not possible; reading /usr/share/misc
must be allowed instead.

Fixes: #13645
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
config/suricata/suricata.yaml

index b57a1d9d4990a98ac82b02b5c0a8036efde24665..faa1aa71d9d2317d0c665630a54764807db5fb40 100644 (file)
@@ -775,7 +775,8 @@ security:
       # /usr and /etc folders are added to read list to allow
       # file magic to be used.
       read:
-        - /usr/share/misc/magic.mgc
+        - /etc/suricata
+        - /usr/share/misc
         - /usr/share/suricata
         - /var/ipfire/suricata
         - /var/lib/suricata
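
Review bot: The comment kept as context at the top of this hunk ("/usr and /etc folders are added to read list to allow file magic to be used") no longer describes the entries under `read:`. Per the commit message, /etc/suricata is allowed so Suricata can read its own configuration file, not for file magic, and /usr/share/misc is allowed as a whole directory only because the list takes directories and /usr/share/misc/magic.mgc cannot be listed on its own. Suggest rewording the comment to give both reasons next to the entries, and to note that read access now covers everything under /usr/share/misc, so a later edit does not narrow the entry back to the file (which the commit message says is not possible) or drop /etc/suricata as unrelated to file magic.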