From 2bac4f10a565ca1e2ccddf2b247412efafa04d9d Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Thu, 5 Oct 2023 10:11:21 +0200
Subject: [PATCH] Services: Intrusion Detection: Administration - Improve
 locking during sqlite db creation a bit.

If we remove the file, others will keep bashing the inode. Truncating should prevent that from happening.
---
 src/opnsense/scripts/suricata/lib/rulecache.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/opnsense/scripts/suricata/lib/rulecache.py b/src/opnsense/scripts/suricata/lib/rulecache.py
index 9bc244ab0..ab4ac2040 100755
--- a/src/opnsense/scripts/suricata/lib/rulecache.py
+++ b/src/opnsense/scripts/suricata/lib/rulecache.py
@@ -243,9 +243,13 @@ class RuleCache(object):
             fcntl.flock(lock, fcntl.LOCK_UN)
             return
 
-        # remove existing DB
+        # remove (truncate) existing DB
         if os.path.exists(self.cachefile):
-            os.remove(self.cachefile)
+            fhandle = open(self.cachefile, 'a+')
+            fhandle.seek(0)
+            fhandle.truncate()
+            fhandle.close()
+
 
         db = sqlite3.connect(self.cachefile)
         db.text_factory = lambda x: str(x, 'utf-8', 'ignore')