public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wireshark: build with libcap (POSIX capabilities)

Browse Source 
This makes running wireshark (or more specifically, dumpcap) as root a
bit more secure. From <wireshark-1.11.2>/doc/README.packaging:

  The "--with-libcap" option is only useful when dumpcap is installed
  setuid. If it is enabled dumpcap will try to drop any setuid privileges
  it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW
  capabilities. It is enabled by default, if the Linux capabilities
  library (on which it depends) is found.
This commit is contained in:
Bjørn Forsman 2014-04-20 18:15:42 +02:00
parent 7d1ddae58e
commit 27477f1fac
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkgs/applications/networking/sniffers/wireshark/default.nix
View File

@ -1,5 +1,6 @@
{ stdenv, fetchurl, pkgconfig, perl, flex, bison, libpcap, libnl, c-ares { stdenv, fetchurl, pkgconfig, perl, flex, bison, libpcap, libnl, c-ares
, gnutls, libgcrypt, geoip, heimdal, lua5, gtk, makeDesktopItem, python , gnutls, libgcrypt, geoip, heimdal, lua5, gtk, makeDesktopItem, python
, libcap
}: }:
let version = "1.11.2"; in let version = "1.11.2"; in
@ -14,7 +15,7 @@ stdenv.mkDerivation {
buildInputs = [ buildInputs = [
bison flex perl pkgconfig libpcap lua5 heimdal libgcrypt gnutls bison flex perl pkgconfig libpcap lua5 heimdal libgcrypt gnutls
geoip libnl c-ares gtk python geoip libnl c-ares gtk python libcap
]; ];
preConfigure = '' preConfigure = ''