$summary chgrp wireshark /tmp/portage/net-analyzer/wireshark-1.4.3/image//usr/bin/dumpcap /sbin/setcap cap_net_raw,cap_net_admin+eip /tmp/portage/net-analyzer/wireshark-1.4.3/image//usr/bin/dumpcap Failed to set capabilities on file `/tmp/portage/net-analyzer/wireshark-1.4.3/image//usr/bin/dumpcap' (Operation not supported) usage: setcap [-q] [-v] (-r|-|<caps>) <filename> [ ... (-r|-|<capsN>) <filenameN> ]
Did this actually fail compilation for you? Some filesystems do not provide posix security capabilities with some kernel configuration options. The message just means you do not get the extra security granularity for wireshark. ewarn from ebuild: * Failed to set capabilities. Probable reason is missed kernel support. * Kernel must have SECURITY_FILE_CAPABILITIES, and <FS>_FS_SECURITY * enabled (e.g. EXT3_FS_SECURITY) where <FS> is the filesystem to store * //usr/bin/dumpcap * * Falling back to suid now... * NOTE: To run wireshark as normal user you have to add yourself to * the wireshark group. This security measure ensures that only trusted * users are allowed to sniff your traffic.
(In reply to comment #1) > Did this actually fail compilation for you? > no > Some filesystems do not provide posix security capabilities with some kernel > configuration options. The message just means you do not get the extra security > granularity for wireshark. > > ewarn from ebuild: > * Failed to set capabilities. Probable reason is missed kernel support. > * Kernel must have SECURITY_FILE_CAPABILITIES, and <FS>_FS_SECURITY > * enabled (e.g. EXT3_FS_SECURITY) where <FS> is the filesystem to store > * //usr/bin/dumpcap > * > * Falling back to suid now... > * NOTE: To run wireshark as normal user you have to add yourself to > * the wireshark group. This security measure ensures that only trusted > * users are allowed to sniff your traffic. I have those options: amd64box ~ # grep SECURITY_FILE_CAPABILITIES /usr/src/linux/.config CONFIG_SECURITY_FILE_CAPABILITIES=y amd64box ~ # grep FS_SECURITY /usr/src/linux/.config CONFIG_EXT4_FS_SECURITY=y I use ext4
Do you also have PORTAGE_TMPDIR on fs that supports posix cababilities? ie. /tmp/portage/net-analyzer/wireshark-1.4.3/image//usr/bin/dumpcap I'm not an expert here but you may also want to paste your fstab.
(In reply to comment #3) > Do you also have PORTAGE_TMPDIR on fs that supports posix cababilities? > ie. My bad. I compile on tmpfs..so I close this as invalid. @emil thanks for help @pva Is implicit, but if you want, you can write on ewarn this issue with tmpfs :)
https://bugzilla.redhat.com/show_bug.cgi?id=648653 Actually this is message from `make install` target and portage will set capabilities at later stage by itself (see fcaps function in ebuild). So this message is just a warning and can be ignored.
