Re: Using capabilities for libpcap apps

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
I was speaking about this with Rahul Sundaram and he pointed me to:
http://fedoraproject.org/wiki/Features/LowerProcessCapabilities

I would suggest using libpcap-ng rather than libpcap if it works.



Radek Vokál wrote:
> Hi all,
> 
>   I need few suggestions about this .. 
> https://blog.wireshark.org/2010/02/running-wireshark-as-you/ .. Gerald 
> Combs, the upstream maintainer of wireshark, suggests to use 
> capabilities instead of consolehelper+root privileges for 
> dumpcap/wireshark. It makes whole lot of sense, so I've looked if other 
> apps in Fedora are already using it and I haven't found any. Honestly 
> I'm not sure about right way to use them. The idea is to add something 
> like following to %post
> 
> # groupadd -g wireshark
> # chgrp wireshark /usr/bin/dumpcap
> # setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
> # setcap cap_net_raw,cap_net_admin+eip /usr/bin/tshark
> 
> Suggestions? Ideas? Spec file patches?
> 
> Any help is welcome.
> 
> Radek


- --
Regards,
Huzaifa Sidhpurwala, RHCE, CCNA (IRC: huzaifas)


GnuPG Fingerprint:
3A0F DAFB 9279 02ED 273B FFE9 CC70 DCF2 DA5B DAE5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org/

iD8DBQFLvCbzzHDc8tpb2uURAhmUAJ9m3DzIXyuF5Q87RsRTwWN94KZiYQCfQuAn
gPmMlJxwAKWCGyQJoCBbpSw=
=Wkq8
-----END PGP SIGNATURE-----
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux