remove restriction of mmap locked on suricata ulimits

2026-03-24 13:32:37 +01:00 · 2026-03-19 09:42:39 -04:00
parent a982056363
commit cceaebe350
2 changed files with 2 additions and 6 deletions
--- a/salt/docker/defaults.yaml
+++ b/salt/docker/defaults.yaml
@@ -216,10 +216,7 @@ docker:
      custom_bind_mounts: []
      extra_hosts: []
      extra_env: []
-      ulimits:
-        - name: memlock
-          soft: 524288000
-          hard: 524288000
+      ulimits: []
    'so-zeek':
      final_octet: 99
      custom_bind_mounts: []
--- a/salt/suricata/enabled.sls
+++ b/salt/suricata/enabled.sls
@@ -25,8 +25,7 @@ so-suricata:
      - {{ XTRAENV }}
        {% endfor %}
      {% endif %}
-    {# we look at SURICATAMERGED.config['af-packet'][0] since we only allow one interface and therefore always the first list item #}
-    {% if SURICATAMERGED.config['af-packet'][0]['mmap-locked'] == "yes" and DOCKERMERGED.containers['so-suricata'].ulimits %}
+    {% if DOCKERMERGED.containers['so-suricata'].ulimits %}
    - ulimits:
    {%   for ULIMIT in DOCKERMERGED.containers['so-suricata'].ulimits %}
      - {{ ULIMIT.name }}={{ ULIMIT.soft }}:{{ ULIMIT.hard }}