From 4a20baa6a85a7312dd8d2e706fa637d19a1c213f Mon Sep 17 00:00:00 2001
From: Lukas Sismis
Date: Wed, 26 Mar 2025 19:52:29 +0700
Subject: [PATCH] landlock: add read/write permission to MPM cache directory
---
 src/util-landlock.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/util-landlock.c b/src/util-landlock.c
index fcc46a0d8f..27c01427f9 100644
--- a/src/util-landlock.c
+++ b/src/util-landlock.c
@@ -22,6 +22,7 @@
 */
 #include "suricata.h"
+#include "detect-engine.h"
 #include "feature.h"
 #include "util-conf.h"
 #include "util-file.h"
@@ -201,6 +202,10 @@ void LandlockSandboxing(SCInstance *suri)
 LandlockSandboxingAddRule(ruleset, ConfigGetDataDirectory(),
 _LANDLOCK_SURI_ACCESS_FS_WRITE | _LANDLOCK_ACCESS_FS_READ);
 }
+ if (DetectEngineMpmCachingEnabled() && stat(DetectEngineMpmCachingGetPath(), &sb) == 0) {
+ LandlockSandboxingAddRule(ruleset, DetectEngineMpmCachingGetPath(),
+ _LANDLOCK_SURI_ACCESS_FS_WRITE | _LANDLOCK_ACCESS_FS_READ);
+ }
 if (suri->run_mode == RUNMODE_PCAP_FILE) {
 const char *pcap_file;
 if (ConfGet("pcap-file.file", &pcap_file) == 1) {
-- 
2.47.3
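Review bot: When MPM caching is enabled but `stat()` on the cache path fails, the new branch in LandlockSandboxing skips the rule without a trace, so once the ruleset is enforced any later attempt to create or write the cache would presumably be denied with nothing in the log pointing at Landlock. An `else` branch that logs the path and `strerror(errno)` at warning level would make that failure diagnosable; whether the directory is guaranteed to exist before this point cannot be seen from the hunk. `DetectEngineMpmCachingGetPath()` is also called twice, and it is tidier to check and grant on one value: `const char *mpm_dir = DetectEngineMpmCachingGetPath();` followed by `if (DetectEngineMpmCachingEnabled() && mpm_dir != NULL && stat(mpm_dir, &sb) == 0)`. Since the rule grants read and write on whatever directory the configuration names, a one-line comment such as `/* MPM cache: read/write limited to the configured cache directory */` would document the intended scope of this allow-list entry. The function body starts and ends outside the hunk.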