-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I was speaking about this with Rahul Sundaram and he pointed me to: http://fedoraproject.org/wiki/Features/LowerProcessCapabilities I would suggest using libpcap-ng rather than libpcap if it works. Radek Vokál wrote: > Hi all, > > I need few suggestions about this .. > https://blog.wireshark.org/2010/02/running-wireshark-as-you/ .. Gerald > Combs, the upstream maintainer of wireshark, suggests to use > capabilities instead of consolehelper+root privileges for > dumpcap/wireshark. It makes whole lot of sense, so I've looked if other > apps in Fedora are already using it and I haven't found any. Honestly > I'm not sure about right way to use them. The idea is to add something > like following to %post > > # groupadd -g wireshark > # chgrp wireshark /usr/bin/dumpcap > # setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap > # setcap cap_net_raw,cap_net_admin+eip /usr/bin/tshark > > Suggestions? Ideas? Spec file patches? > > Any help is welcome. > > Radek - -- Regards, Huzaifa Sidhpurwala, RHCE, CCNA (IRC: huzaifas) GnuPG Fingerprint: 3A0F DAFB 9279 02ED 273B FFE9 CC70 DCF2 DA5B DAE5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org/ iD8DBQFLvCbzzHDc8tpb2uURAhmUAJ9m3DzIXyuF5Q87RsRTwWN94KZiYQCfQuAn gPmMlJxwAKWCGyQJoCBbpSw= =Wkq8 -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel