Error: threads: Unable to create thread with pthread_create(): retval 1: Operation not permitted

  • Suricata version
    suricata-version: "7.0"
  • Operating system and/or Linux distribution
    CentOS Linux release 7.9.2009 (Core)
  • How you installed Suricata (from source, packages, something else)
    I am using the container image of Suricata.

Command:

root# podman run -d --name suricata --net=host --cap-add=net_admin --cap-add=net_raw --cap-add=sys_nice -v $(pwd)/logs:/var/log/suricata -v $(pwd)/etc:/etc/suricata jasonish/suricata:latest -i eth0

Problem:

I want to enable all logs like TCP, HTTP, UDP. I am not interested in the alerting mechanism.

I enabled some logs but I couldn’t see any changed files in the logs/ directory. And I see this error message in the suricata.log file:

[1 - Suricata-Main] 2024-01-13 20:17:25 Error: threads: Unable to create thread with pthread_create(): retval 1: Operation not permitted

I tried to set limit-noproc to false, but it didn’t help. Any suggestions?

You can find the attached config file and Suricata log file.
suricata.yaml (82.9 KB)
suricata.log (7.6 KB)

Hi there,

I’ve seen privs: dropped the caps for main thread in your suricata.log so it seems some security setting is enabled in your config. Are you sure you are using the provided suricata.yaml file?

Are you able to run Suricata in some other way?

You might need sys_resource for the security-related setting limit-noproc.