test: pcap-log with lz4 write to non-writable directory

Ticket: #5022

diff --git a/tests/pcap-log-lz4-write/README.md b/tests/pcap-log-lz4-write/README.md
new file mode 100644 (file)
index 0000000..cd7ad83
--- /dev/null
+++ b/tests/pcap-log-lz4-write/README.md
@@ -0,0 +1,6 @@
+Test that Suricata will not crash if pcap-log is enabled with LZ4
+compression and a non-writable pcap-log directory.
+
+## Issue
+
+https://redmine.openinfosecfoundation.org/issues/5022

diff --git a/tests/pcap-log-lz4-write/suricata.yaml b/tests/pcap-log-lz4-write/suricata.yaml
new file mode 100644 (file)
index 0000000..0a02044
--- /dev/null
+++ b/tests/pcap-log-lz4-write/suricata.yaml
@@ -0,0 +1,21 @@
+%YAML 1.1
+---
+
+outputs:
+  - pcap-log:
+      enabled: yes
+      filename: log.pcap
+      compression: lz4
+      mode: normal
+      dir: pcap-log
+
+# Enable enging logging to JSON so we can verify it.
+logging:
+  outputs:
+    - console:
+        enabled: yes
+    - file:
+        enabled: yes
+        level: info
+        filename: eve.json
+        type: json

diff --git a/tests/pcap-log-lz4-write/test.yaml b/tests/pcap-log-lz4-write/test.yaml
new file mode 100644 (file)
index 0000000..0862233
--- /dev/null
+++ b/tests/pcap-log-lz4-write/test.yaml
@@ -0,0 +1,22 @@
+requires:
+  features:
+    - liblz4
+
+skip:
+  - uid: 0
+    msg: "Test requires non-root user"
+
+setup:
+  # Create a pcap-log directory without write permission
+  - script: |
+      rm -rf pcap-log
+      mkdir pcap-log
+      chmod 555 pcap-log
+      
+pcap: ../alert-testmyids/input.pcap
+
+checks:
+  - filter:
+      count: 1
+      match:
+        engine.message: "Error opening file for compressed output: Permission denied"