From 48ce85f4da623f41f565247e1e3ee519eaa99b70 Mon Sep 17 00:00:00 2001
From: Andrea Terzolo <andrea.terzolo@polito.it>
Date: Mon, 10 Oct 2022 09:20:12 +0000
Subject: [PATCH] fix(falco_service): falco service needs to write under
 `/sys/module/falco`

Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
---
 scripts/debian/falco.service | 1 +
 scripts/rpm/falco.service    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/scripts/debian/falco.service b/scripts/debian/falco.service
index 35ae6ba8..d86401b0 100644
--- a/scripts/debian/falco.service
+++ b/scripts/debian/falco.service
@@ -17,6 +17,7 @@ NoNewPrivileges=yes
 ProtectHome=read-only
 ProtectSystem=full
 ProtectKernelTunables=true
+ReadWritePaths=/sys/module
 RestrictRealtime=true
 RestrictAddressFamilies=~AF_PACKET
 
diff --git a/scripts/rpm/falco.service b/scripts/rpm/falco.service
index ede6c2e3..29894e41 100644
--- a/scripts/rpm/falco.service
+++ b/scripts/rpm/falco.service
@@ -17,6 +17,7 @@ NoNewPrivileges=yes
 ProtectHome=read-only
 ProtectSystem=full
 ProtectKernelTunables=true
+ReadWritePaths=/sys/module
 RestrictRealtime=true
 RestrictAddressFamilies=~AF_PACKET
 StandardOutput=null