Using capabilities for libpcap apps
huzaifas at redhat.com
Wed Apr 7 06:32:19 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
I was speaking about this with Rahul Sundaram and he pointed me to:
I would suggest using libpcap-ng rather than libpcap if it works.
Radek Vokál wrote:
> Hi all,
> I need few suggestions about this ..
> https://blog.wireshark.org/2010/02/running-wireshark-as-you/ .. Gerald
> Combs, the upstream maintainer of wireshark, suggests to use
> capabilities instead of consolehelper+root privileges for
> dumpcap/wireshark. It makes whole lot of sense, so I've looked if other
> apps in Fedora are already using it and I haven't found any. Honestly
> I'm not sure about right way to use them. The idea is to add something
> like following to %post
> # groupadd -g wireshark
> # chgrp wireshark /usr/bin/dumpcap
> # setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
> # setcap cap_net_raw,cap_net_admin+eip /usr/bin/tshark
> Suggestions? Ideas? Spec file patches?
> Any help is welcome.
Huzaifa Sidhpurwala, RHCE, CCNA (IRC: huzaifas)
3A0F DAFB 9279 02ED 273B FFE9 CC70 DCF2 DA5B DAE5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the devel