From 38081b8be19b56b7298d5a01e7218b774759406c Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 2 Mar 2019 17:26:34 +0000
Subject: [PATCH] suricata: Run as non-root user

This patch does not have any effect (yet) and is untested
because suricata needs to be built against libcap-ng which
is currently not being packaged for IPFire.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 config/suricata/suricata.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 539ef38dd2..3b50157bf7 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -281,6 +281,15 @@ asn1-max-frames: 256
 ##
 ##############################################################################
 
+##
+## Run Options
+##
+
+# Run suricata as user and group.
+run-as:
+  user: suricata
+  group: suricata
+
 # Suricata core dump configuration. Limits the size of the core dump file to
 # approximately max-dump. The actual core dump size will be a multiple of the
 # page size. Core dumps that would be larger than max-dump are truncated. On
-- 
2.39.2