diff --git a/src/detect-engine.c b/src/detect-engine.c index 8b833d9bdd..3df1d334f6 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -3979,13 +3979,10 @@ error: * Tenants and mappings are optional, and can also dynamically be added * and removed from the unix socket. */ -int DetectEngineMultiTenantSetup(void) +int DetectEngineMultiTenantSetup(const bool unix_socket) { enum DetectEngineTenantSelectors tenant_selector = TENANT_SELECTOR_UNKNOWN; DetectEngineMasterCtx *master = &g_master_de_ctx; - - int unix_socket = ConfUnixSocketIsEnable(); - int failure_fatal = 0; (void)ConfGetBool("engine.init-failure-fatal", &failure_fatal); diff --git a/src/detect-engine.h b/src/detect-engine.h index 9de9772650..1f93aabf1f 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -115,7 +115,7 @@ int DetectEngineReload(const SCInstance *suri); int DetectEngineEnabled(void); int DetectEngineMTApply(void); int DetectEngineMultiTenantEnabled(void); -int DetectEngineMultiTenantSetup(void); +int DetectEngineMultiTenantSetup(const bool unix_socket); int DetectEngineReloadStart(void); int DetectEngineReloadIsStart(void); diff --git a/src/suricata.c b/src/suricata.c index 4c4539649a..f85402c37d 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -2504,7 +2504,7 @@ void PostConfLoadedDetectSetup(SCInstance *suri) int default_tenant = 0; if (mt_enabled) (void)ConfGetBool("multi-detect.default", &default_tenant); - if (DetectEngineMultiTenantSetup() == -1) { + if (DetectEngineMultiTenantSetup(suri->unix_socket_enabled) == -1) { FatalError(SC_ERR_FATAL, "initializing multi-detect " "detection engine contexts failed."); } @@ -2937,6 +2937,10 @@ int SuricataMain(int argc, char **argv) /* Re-enable coredumps after privileges are dropped. */ CoredumpEnable(); + if (suricata.run_mode != RUNMODE_UNIX_SOCKET && !suricata.disabled_detect) { + suricata.unix_socket_enabled = ConfUnixSocketIsEnable(); + } + PreRunPostPrivsDropInit(suricata.run_mode); LandlockSandboxing(&suricata); @@ -2956,7 +2960,7 @@ int SuricataMain(int argc, char **argv) RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode, suricata.capture_plugin_name, suricata.capture_plugin_args); if (suricata.run_mode != RUNMODE_UNIX_SOCKET) { - UnixManagerThreadSpawnNonRunmode(); + UnixManagerThreadSpawnNonRunmode(suricata.unix_socket_enabled); } /* Wait till all the threads have been initialized */ diff --git a/src/suricata.h b/src/suricata.h index d559cd854c..36e2e58670 100644 --- a/src/suricata.h +++ b/src/suricata.h @@ -143,6 +143,7 @@ typedef struct SCInstance_ { bool system; bool set_logdir; bool set_datadir; + bool unix_socket_enabled; int delayed_detect; int disabled_detect; diff --git a/src/unix-manager.c b/src/unix-manager.c index c10e772473..a6fde27c96 100644 --- a/src/unix-manager.c +++ b/src/unix-manager.c @@ -132,7 +132,7 @@ static int UnixNew(UnixCommand * this) strlcpy(sockettarget, SOCKET_TARGET, sizeof(sockettarget)); check_dir = 1; } - SCLogInfo("Using unix socket file '%s'", sockettarget); + SCLogInfo("unix socket '%s'", sockettarget); if (check_dir) { struct stat stat_buf; @@ -1183,11 +1183,10 @@ void UnixManagerThreadSpawn(int mode) } // TODO can't think of a good name -void UnixManagerThreadSpawnNonRunmode(void) +void UnixManagerThreadSpawnNonRunmode(const bool unix_socket) { /* Spawn the unix socket manager thread */ - int unix_socket = ConfUnixSocketIsEnable(); - if (unix_socket == 1) { + if (unix_socket) { if (UnixManagerInit() == 0) { UnixManagerRegisterCommand("iface-stat", LiveDeviceIfaceStat, NULL, UNIX_CMD_TAKE_ARGS); @@ -1259,7 +1258,7 @@ void UnixSocketKillSocketThread(void) return; } -void UnixManagerThreadSpawnNonRunmode(void) +void UnixManagerThreadSpawnNonRunmode(const bool unix_socket_enabled) { return; } diff --git a/src/unix-manager.h b/src/unix-manager.h index 65857a65fd..960879b3cb 100644 --- a/src/unix-manager.h +++ b/src/unix-manager.h @@ -45,6 +45,6 @@ TmEcode UnixManagerRegisterBackgroundTask( #endif void TmModuleUnixManagerRegister(void); -void UnixManagerThreadSpawnNonRunmode(void); +void UnixManagerThreadSpawnNonRunmode(const bool unix_socket_enabled); #endif /* UNIX_MANAGER_H */