Error: threads: Unable to create thread with pthread_create(): retval 1: Operation not permitted

Mucitgizmo · January 13, 2024, 8:26pm

Suricata version
suricata-version: “7.0”

Operating system and/or Linux distribution
CentOS Linux release 7.9.2009 (Core)

How you installed Suricata (from source, packages, something else)
I am using container image of suricate.

Command:

root# podman run -d --name suricata --net=host --cap-add=net_admin --cap-add=net_raw --cap-add=sys_nice -v $(pwd)/logs:/var/log/suricata -v $(pwd)/etc:/etc/suricata jasonish/suricata:latest -i eth0

Problem:

I want to enable all logs like TCP, HTTP, UDP. I am not interested with alerting mechanism.

I enabled some logs but I couldn’t see any change files in logs/ directory. And I see this error message in suricata.log file:
…
[1 - Suricata-Main] 2024-01-13 20:17:25 Error: threads: Unable to create thread with pthread_create(): retval 1: Operation not permitted

I tried to set limit-noproc as false, but it didn’t help. Any suggestion?

You can find attached config file and suricata log file.
suricata.yaml (82.9 KB)
suricata.log (7.6 KB)

lukashino · January 18, 2024, 7:34pm

Hi there,

I’ve seen privs: dropped the caps for main thread in your suricata.log so it seems some security setting is enabled in your config. Are you sure you are using the provided suricata.yaml file?

Are you able to run Suricata in some other way?

Jeff_Lucovsky · January 25, 2024, 6:07pm

You might need sys_resource for the security-related setting limit_nrpoc

Topic		Replies	Views
Failure when trying to set feature via ioctl Help	3	2742	October 6, 2020
[ERRCODE: SC_ERR_LOGDIR_CONFIG(116)] - (default-log-dir) is not writable Help	4	1729	April 22, 2022
Default Configuration error - stalls Help	1	443	December 4, 2022
Failed to setup thread module Help	1	298	January 30, 2021
Error Starting Suricata Help	8	181	January 15, 2024

Error: threads: Unable to create thread with pthread_create(): retval 1: Operation not permitted

Related Topics