author    Marek Szuba <marecki@gentoo.org>    2019-12-17 00:16:19 +0000
committer Marek Szuba <marecki@gentoo.org>    2019-12-17 00:16:19 +0000
commit    53159693f527b217acadfb345933d9fd16c46e2c (patch)
tree      837b32a83c03dd3d64252be6ae7c9e64e1572c35 /net-analyzer
parent    dev-embedded/u-boot-tools: fix build on musl, bug #703132 (diff)
download  gentoo-53159693f527b217acadfb345933d9fd16c46e2c.tar.gz
          gentoo-53159693f527b217acadfb345933d9fd16c46e2c.tar.bz2
          gentoo-53159693f527b217acadfb345933d9fd16c46e2c.zip
net-analyzer/suricata: tweak the systemd unit a bit
Some of the ideas I picked up from https://gist.github.com/stupidpupil/4edcbe2046b3b22c81c606efee0492d7 do not quite work at present, namely:
 - limiting capabilities to CAP_NET_ADMIN causes problems e.g. when switching to an unprivileged user or while trying to load eBPF files. Just get rid of it;
 - suricata can now be launched just fine without Type=forking.

Moreover, /run is now used instead of /var/run in the unit file so that systemd doesn't complain about the use of legacy paths.

No revbump because even the updated unit does not run out of the box due to specifying neither an interface nor a mode of operations on the command line.

Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Marek Szuba <marecki@gentoo.org>
Diffstat (limited to 'net-analyzer')
-rw-r--r--  net-analyzer/suricata/files/suricata.service  8
1 files changed, 3 insertions, 5 deletions
diff --git a/net-analyzer/suricata/files/suricata.service b/net-analyzer/suricata/files/suricata.service
index 5e617388018f..294ec6373481 100644
--- a/net-analyzer/suricata/files/suricata.service
+++ b/net-analyzer/suricata/files/suricata.service
@@ -6,11 +6,9 @@ Documentation=man:suricata(8) man:suricatasc(8)
Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki
[Service]
-Type=forking
-Environment=OPTIONS='-c /etc/suricata/suricata.yaml'
-CapabilityBoundingSet=CAP_NET_ADMIN
-PIDFile=/var/run/suricata/suricata.pid
-ExecStart=/usr/bin/suricata --pidfile /var/run/suricata/suricata.pid $OPTIONS
+Environment=OPTIONS='-c /etc/suricata/suricata.yaml --af-packet'
+PIDFile=/run/suricata/suricata.pid
+ExecStart=/usr/bin/suricata --pidfile /run/suricata/suricata.pid $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill $MAINPID
PrivateTmp=yes
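Review bot: Removing `CapabilityBoundingSet=CAP_NET_ADMIN` outright (the third `-` line of this hunk) leaves the service running with the full root capability set, while the commit message only reports that restricting it to CAP_NET_ADMIN alone broke dropping to an unprivileged user and loading eBPF files. Those failures are fixed by widening the set rather than deleting it: AF_PACKET capture (now selected by `--af-packet` in the `Environment=OPTIONS=` line) needs CAP_NET_RAW in addition to CAP_NET_ADMIN, switching to a non-root user needs CAP_SETUID and CAP_SETGID, and loading eBPF programs needs CAP_SYS_ADMIN on kernels that predate CAP_BPF. A line such as `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SYS_ADMIN` keeps the hardening the gist was after while addressing both reported problems; if the bounding set is to be dropped for now, the commit message should state plainly that the unit no longer constrains capabilities at all. Secondary point: `PIDFile=` is intended mainly for `Type=forking`; with `Type=forking` removed the unit falls back to `Type=simple`, where systemd already knows $MAINPID as the process it spawned, so the `PIDFile=/run/suricata/suricata.pid` and `--pidfile` pair is now redundant unless something else reads that file, and /run/suricata must exist before the first start (e.g. via `RuntimeDirectory=suricata`) since /run is a tmpfs.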