Using capabilities for libpcap apps
Radek Vokál
radekvokal at gmail.com
Tue Apr 6 20:47:22 UTC 2010
Hi all,
I need few suggestions about this ..
https://blog.wireshark.org/2010/02/running-wireshark-as-you/ .. Gerald
Combs, the upstream maintainer of wireshark, suggests to use
capabilities instead of consolehelper+root privileges for
dumpcap/wireshark. It makes whole lot of sense, so I've looked if other
apps in Fedora are already using it and I haven't found any. Honestly
I'm not sure about right way to use them. The idea is to add something
like following to %post
# groupadd -g wireshark
# chgrp wireshark /usr/bin/dumpcap
# setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
# setcap cap_net_raw,cap_net_admin+eip /usr/bin/tshark
Suggestions? Ideas? Spec file patches?
Any help is welcome.
Radek
More information about the devel
mailing list