Closed ManofWax closed 4 years ago
The latest version of this container does not create a pid file. Are you running an older version? Or have you modified it to drop a configuration file?
Hello, yes you are right I did some tests and in one of those I've set the pid in the configuration file, and forgot to remove it.
I've just re-tested right now disabling that setting and it worked like a charm. Sorry for wasting your time :)
While we are there do you think your container is suitable for production? I left it running with `--af-packet` for a day and it looks rock solid.
If you really need a pid file, keep in mind that if Suricata drops privileges (as this docker container will do by default provided the container has the required capabilities), Suricata is unable to clean up the pid file itself as it's owned by root. On research of this, it appears to be the correct "unix" thing to do. The systemd unit file we ship is smart enough to deal with it, but this container doesn't use systemd.
One issue you might run into when using a pidfile, is that a stop and start of a container will lead to this stale pid file error.
> While we are there do you think your container is suitable for production? I left it running with `--af-packet` for a day and it looks rock solid.
I don't see why it's any less suitable than a package provided by a distribution and my default choice of build options satisfies your needs (I may add more build options by default). The images are also rebuilt nightly using GitHub Actions to make sure they are always based on the most recent base image with all updates, etc.
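The stale pid file case described in the comment above, as an added example that is not part of this thread or of the container's own entrypoint: a POSIX shell function that a root entrypoint could call before starting Suricata. The pid file path is passed in as an argument, and the path in the usage comment is an assumed placeholder.

```shell
#!/bin/sh
# Added example (not the project's code): decide whether a leftover pid file
# is stale before Suricata starts. Meant to run as root in the entrypoint,
# before privileges are dropped, because the pid file is owned by root.
#
# Returns 0 when Suricata may start (no pid file, or a stale one was removed).
# Returns 1 when the recorded pid still belongs to a running process.
clear_stale_pidfile() {
    pidfile="$1"

    # Nothing left over from a previous run.
    [ -e "$pidfile" ] || return 0

    # Read only the first line and strip whitespace.
    pid=$(head -n 1 "$pidfile" 2>/dev/null | tr -d '[:space:]')

    case "$pid" in
        ''|0|*[!0-9]*)
            # Empty, zero or non-numeric content is never handed to kill;
            # the file cannot describe a live process, so it is stale.
            rm -f -- "$pidfile"
            return 0
            ;;
    esac

    # kill -0 sends no signal; it only checks that the pid exists.
    if kill -0 "$pid" 2>/dev/null; then
        return 1
    fi

    # The recorded process is gone (for example after a container stop/start).
    rm -f -- "$pidfile"
    return 0
}

# Usage in an entrypoint (path is an assumed placeholder; use whatever the
# configuration or --pidfile option points at):
#   clear_stale_pidfile "/var/run/suricata.pid" || {
#       echo "pid file is held by a running process" >&2; exit 1; }
```

Because the path is a parameter, the same check works when the user configures a different pid file location, as long as the entrypoint is told that path.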
Hello I've got the following error message when running the container with `docker-compose`:

I've found a workaround by adding on `docker-entrypoint.sh` the following command:

But it will not work if the user specifies a different `.pid` file. Is there a better solution?