github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 08:32:12 +00:00
Code Issues Projects Releases Wiki Activity

fix(falco_service): falco service needs to write under /sys/module/falco

Browse Source 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
This commit is contained in:
Andrea Terzolo 2022-10-10 09:20:12 +00:00 committed by poiana
parent 5f2bc6a2d3
commit 48ce85f4da
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
scripts/debian/falco.service
View File

@ -17,6 +17,7 @@ NoNewPrivileges=yes
ProtectHome=read-only ProtectHome=read-only
ProtectSystem=full ProtectSystem=full
ProtectKernelTunables=true ProtectKernelTunables=true
ReadWritePaths=/sys/module
RestrictRealtime=true RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET RestrictAddressFamilies=~AF_PACKET

1
scripts/rpm/falco.service
View File

@ -17,6 +17,7 @@ NoNewPrivileges=yes
ProtectHome=read-only ProtectHome=read-only
ProtectSystem=full ProtectSystem=full
ProtectKernelTunables=true ProtectKernelTunables=true
ReadWritePaths=/sys/module
RestrictRealtime=true RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET RestrictAddressFamilies=~AF_PACKET
StandardOutput=null StandardOutput=null