Using capabilities for libpcap apps
Radek Vokál
radekvokal at gmail.com
Fri Apr 9 07:30:17 UTC 2010
On 04/08/2010 10:49 PM, Steve Grubb wrote:
> On Tuesday 06 April 2010 04:47:22 pm Radek Vokál wrote:
>> I need few suggestions about this ..
>> https://blog.wireshark.org/2010/02/running-wireshark-as-you/ .. Gerald
>> Combs, the upstream maintainer of wireshark, suggests to use
>> capabilities instead of consolehelper+root privileges for
>> dumpcap/wireshark. It makes whole lot of sense, so I've looked if other
>> apps in Fedora are already using it and I haven't found any. Honestly
>> I'm not sure about right way to use them. The idea is to add something
>> like following to %post
>>
>> # groupadd -g wireshark
>> # chgrp wireshark /usr/bin/dumpcap
>> # setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
>> # setcap cap_net_raw,cap_net_admin+eip /usr/bin/tshark
>>
>> Suggestions? Ideas? Spec file patches?
>
> rpm supposedly has native support for capabilities. That would mean that you
> don't need to call setcap.
>
> -Steve
>
Are there any docs for that? I haven't found any so far.
Radek
More information about the devel
mailing list