From cceaebe3502f12d055ad5fbf83b288299d01f948 Mon Sep 17 00:00:00 2001
From: Josh Patterson <josh.patterson@securityonionsolutions.com>
Date: Thu, 19 Mar 2026 09:42:39 -0400
Subject: [PATCH] remove restriction of mmap locked on suricata ulimits

---
 salt/docker/defaults.yaml | 5 +----
 salt/suricata/enabled.sls | 3 +--
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/salt/docker/defaults.yaml b/salt/docker/defaults.yaml
index ce596616f..044ec98b0 100644
--- a/salt/docker/defaults.yaml
+++ b/salt/docker/defaults.yaml
@@ -216,10 +216,7 @@ docker:
       custom_bind_mounts: []
       extra_hosts: []
       extra_env: []
-      ulimits:
-        - name: memlock
-          soft: 524288000
-          hard: 524288000
+      ulimits: []
     'so-zeek':
       final_octet: 99
       custom_bind_mounts: []
diff --git a/salt/suricata/enabled.sls b/salt/suricata/enabled.sls
index 84f172c0d..d9d7f32ae 100644
--- a/salt/suricata/enabled.sls
+++ b/salt/suricata/enabled.sls
@@ -25,8 +25,7 @@ so-suricata:
       - {{ XTRAENV }}
         {% endfor %}
       {% endif %}
-    {# we look at SURICATAMERGED.config['af-packet'][0] since we only allow one interface and therefore always the first list item #}
-    {% if SURICATAMERGED.config['af-packet'][0]['mmap-locked'] == "yes" and DOCKERMERGED.containers['so-suricata'].ulimits %}
+    {% if DOCKERMERGED.containers['so-suricata'].ulimits %}
     - ulimits:
     {%   for ULIMIT in DOCKERMERGED.containers['so-suricata'].ulimits %}
       - {{ ULIMIT.name }}={{ ULIMIT.soft }}:{{ ULIMIT.hard }}