[Oisf-users] running suricata 2.0 as a user results in syscall error

Andreas Herz andi at geekosphere.org
Mon Mar 31 07:58:25 UTC 2014


i updated to suricata 2.0 and it's working fine except one issue. I
tried to use the new feature to run suricata as another user.

suricata -c /etc/suricata/suricata.yaml -i eth0 -v --user=suricata

This results in the following warning:

<Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get
feature via ioctl: Operation not permitted (1)

Even using --user=root results in the same error.

The system is a redhat system with kernel and libcap-ng is
version 0.7.3.

I found that the related commit is from "regit":


So i checked if ethtool is working, and it is.

Since it's just a warning suricata is working as intended but i would
like to get rid of this warning.

Here is the strace ouput at this part:



Andreas Herz

More information about the Oisf-users mailing list