Using capabilities for libpcap apps
Serge E. Hallyn
serue at us.ibm.com
Fri Apr 9 13:13:42 UTC 2010
Quoting Radek Vokál (radekvokal at gmail.com):
> On 04/08/2010 10:49 PM, Steve Grubb wrote:
> > On Tuesday 06 April 2010 04:47:22 pm Radek Vokál wrote:
> >> I need few suggestions about this ..
> >> https://blog.wireshark.org/2010/02/running-wireshark-as-you/ .. Gerald
> >> Combs, the upstream maintainer of wireshark, suggests to use
> >> capabilities instead of consolehelper+root privileges for
> >> dumpcap/wireshark. It makes whole lot of sense, so I've looked if other
> >> apps in Fedora are already using it and I haven't found any. Honestly
> >> I'm not sure about right way to use them. The idea is to add something
> >> like following to %post
> >>
> >> # groupadd -g wireshark
> >> # chgrp wireshark /usr/bin/dumpcap
> >> # setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
> >> # setcap cap_net_raw,cap_net_admin+eip /usr/bin/tshark
> >>
> >> Suggestions? Ideas? Spec file patches?
> >
> > rpm supposedly has native support for capabilities. That would mean that you
> > don't need to call setcap.
> >
> > -Steve
> >
>
> Are there any docs for that? I haven't found any so far.
Thread starting here:
http://www.mail-archive.com/rpm-maint@lists.rpm.org/msg01015.html
-serge
More information about the devel
mailing list