coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images
https://coreruleset.org
Apache License 2.0

Overriding crs-setup.conf #39

Closed Ben-Atherton closed 2 years ago

Ben-Atherton commented 3 years ago

I am using this image but wish to override the crs-setup.conf file so that I can enable Application Specific Rule Exclusions. I have my docker-compose.yml file set up as below:

```yaml
    image: owasp/modsecurity-crs:v3.3.2-nginx
    container_name: nginx
    restart: unless-stopped
    volumes:
      - "./code:/code"
      - "./modsecurity/crs-setup.conf:/etc/modsecurity.d/owasp-crs/crs-setup.conf"
```

However, the container goes into a reboot loop and the following errors are present in the logs:

```
sed: cannot rename /etc/modsecurity.d/owasp-crs/sedt1ZR5Z: Device or resource busy
sed: cannot rename /etc/modsecurity.d/owasp-crs/sedef3G25: Device or resource busy
sed: cannot rename /etc/modsecurity.d/owasp-crs/sedj26WEL: Device or resource busy
sed: cannot rename /etc/modsecurity.d/owasp-crs/sedu5ZwVq: Device or resource busy
```

Any ideas what I am doing wrong here or if this is a bug? There are no specific instructions in the readme about this.

Thanks in advance

esencia commented 2 years ago

Hi Ben, could you give me some advice about customizing the crs-setup.conf? I get the same 'Device or resource busy' error. Thanks!

Ben-Atherton commented 2 years ago

I'm not sure why I ended up closing this issue, as it is something I am still experiencing. Has anyone got any ideas?

theseion commented 2 years ago

The issue is that we use sed to modify rules. That doesn't work if you mount read-only (not sure whether mounting in general is an issue). We will need a way to disable this for your use case (e.g., an additional variable).

If you are providing a custom crs-setup.conf, I presume you don't need any of the variables that control paranoia level etc., correct? We could then call this "MANUAL_MODE" and ignore all those variables.

Ben-Atherton commented 2 years ago

That sounds like a good solution to me

fzipi commented 2 years ago

Sorry for the delay. #83 should fix this issue, with the new MANUAL_MODE.