Before this revision, there used to be a message informing me of "fallback to suid". Has xattr support become a requirement?
>>> Messages generated by process 1655 on 2013-02-12 07:40:05 CET for package net-analyzer/wireshark-1.8.5-r1:
WARN: postinst
Could not set caps on '//usr/bin/dumpcap' due to missing filesystem support.
Make sure you enable XATTR support for 'reiserfs' in your kernel.
You might also have to enable the relevant FS_SECURITY option.
NOTE: To run wireshark as normal user you have to add yourself to the wireshark group.
This security measure ensures that only trusted users are allowed to sniff your traffic.
Reproducible: Always
I forgot to add that I am now unable to run Wireshark as non-root. There are no network interfaces visible in the interface selection lists.
Did you add yourself to the wireshark group?
Yes, I am. Note that I have been using the wireshark ebuilds on the system in question for years. And it just now fails. Meanwhile, at home, I am also running 1.8.5-r1, without any problems. Could you help me investigate what is going on at work? What kind of other feedback could be of help?
(In reply to comment #1)
> I forgot to add that I am now unable to run Wireshark as non-root.
How is the above statement linked to the one below?
> There are no network interfaces visible in the interface selection lists.
Is it the case that you cannot see network interfaces but you can actually run wireshark as non-root? If so, then what are your network interfaces called?
I can run the wireshark GUI as non-root, but no interfaces are available for capture. Not the "regular" networking interfaces (ETHWAN, VDSL, LAB, wwan0, lo), nor the USB monitoring interfaces.
I downgraded to 1.8.5, works perfectly, network interfaces are visible.
[binary U ] net-analyzer/wireshark-1.8.5-r1:0/1.8.5 [1.8.5:0/0] USE="filecaps%* gtk ipv6 pcap ssl zlib -adns -crypt -doc -doc-pdf -geoip -kerberos -libadns -lua -portaudio -profile -python (-selinux) -smi (-caps%*)" 0 kB
1.8.5: -r-sr-x--- 1 root wireshark 80960 Jan 30 04:43 /usr/bin/dumpcap
1.8.5-r1: -r-xr-x--- 1 root wireshark 80960 Feb 13 15:40 /usr/bin/dumpcap
Any particular reason there is no "setuid fallback" anymore?
I missed some bits in trying to fix bug #454770, it seems.
Could you try again with 1.8.5-r1 or 1.9.0, please?
Same problem with wireshark-1.9.0.ebuild. What behavior would you expect? It is true that my file system does not support extended attributes. The old ebuild would fall back to using a setuid bit. You seem to have removed that code from the ebuild. Is there more to it?
Ah yes, the fcaps function in the -r0 ebuild does something extra. Could you test this, then? If I'm correct, -m sets the fallback mode in case USE=-filecaps, which seems nice: Index: wireshark-1.6.13-r1.ebuild =================================================================== RCS file: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.6.13-r1.ebuild,v retrieving revision 1.2 diff -u -B -r1.2 wireshark-1.6.13-r1.ebuild --- wireshark-1.6.13-r1.ebuild 22 Feb 2013 17:19:09 -0000 1.2 +++ wireshark-1.6.13-r1.ebuild 25 Feb 2013 15:29:29 -0000 @@ -189,7 +189,7 @@ enewgroup wireshark if use pcap; then - fcaps -o 0 -g wireshark -m 0750 -M 550 \ + fcaps -o 0 -g wireshark -m 4750 -M 550 \ cap_dac_read_search,cap_net_raw,cap_net_admin \ "${EROOT}"/usr/bin/dumpcap fi Index: wireshark-1.8.5-r1.ebuild =================================================================== RCS file: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.8.5-r1.ebuild,v retrieving revision 1.2 diff -u -B -r1.2 wireshark-1.8.5-r1.ebuild --- wireshark-1.8.5-r1.ebuild 22 Feb 2013 18:18:03 -0000 1.2 +++ wireshark-1.8.5-r1.ebuild 25 Feb 2013 15:29:29 -0000 @@ -197,7 +197,7 @@ enewgroup wireshark if use pcap; then - fcaps -o 0 -g wireshark -m 0750 -M 0750 \ + fcaps -o 0 -g wireshark -m 4750 -M 0750 \ cap_dac_read_search,cap_net_raw,cap_net_admin \ "${EROOT}"/usr/bin/dumpcap fi Index: wireshark-1.9.0.ebuild =================================================================== RCS file: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.9.0.ebuild,v retrieving revision 1.6 diff -u -B -r1.6 wireshark-1.9.0.ebuild --- wireshark-1.9.0.ebuild 22 Feb 2013 18:28:26 -0000 1.6 +++ wireshark-1.9.0.ebuild 25 Feb 2013 15:29:29 -0000 @@ -197,7 +197,7 @@ enewgroup wireshark if use pcap; then - fcaps -o 0 -g wireshark -m 0750 -M 0750 \ + fcaps -o 0 -g wireshark -m 4750 -M 0750 \ cap_dac_read_search,cap_net_raw,cap_net_admin \ "${EROOT}"/usr/bin/dumpcap fi
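Review bot: in the wireshark-1.6.13-r1.ebuild hunk the unchanged `-M 550` on the fcaps line differs from the `-M 0750` used in the 1.8.5-r1 and 1.9.0 hunks, so dumpcap ends up with a different mode depending on which ebuild installed it when capabilities can be set. If that difference is not intended, align the three ebuilds on one value and write it with the leading zero, as the other two do.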
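Review bot: the new fallback mode `-m 4750` in the wireshark-1.8.5-r1.ebuild hunk (and the identical 1.9.0 and 1.6.13-r1 changes) keeps the owner write bit on a setuid-root dumpcap, while the setuid dumpcap from 1.8.5 is listed in this thread as `-r-sr-x---`. `-m 4550` would restore the suid fallback with the same read/execute-only permissions as before. A short comment above the fcaps call saying that `-m` is the mode used when capabilities cannot be set would also help the next reader.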
-rwsr-x--- 1 root wireshark 93664 Feb 25 17:11 /usr/bin/dumpcap
Not sure why you would want it to be writeable though
(In reply to comment #11)
> -rwsr-x--- 1 root wireshark 93664 Feb 25 17:11 /usr/bin/dumpcap
That looks alright. I assume it works as expected now?
> Not sure why you would want it to be writeable though
It's quite common. :)
Fixed in tree
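A way to tell apart the three dumpcap states seen in this thread (file capabilities, setuid fallback, neither), as an added example that is not part of the bug report or the ebuild. The function names are hypothetical, and `check_dumpcap` assumes GNU `stat` and libcap's `getcap` are installed.

```shell
#!/bin/sh
# Added example (not from the ebuild): report where a capture helper such as
# dumpcap gets its privileges from. Function names are hypothetical.

# privilege_source MODE GETCAP_OUTPUT
#   MODE          octal mode as printed by `stat -c %a` (e.g. 4550, 550, 0750)
#   GETCAP_OUTPUT text printed by `getcap FILE`, empty if no capabilities
# Prints one of: caps | suid | suid-writable | none
privilege_source() {
    m=$((0$1))                      # leading 0 makes the shell read it as octal
    case $2 in
        *cap_net_raw*)              # file capabilities were applied
            echo caps
            return 0 ;;
    esac
    if [ $((m & 04000)) -eq 0 ]; then
        echo none                   # no caps and no setuid: capture will fail
        return 0
    fi
    if [ $((m & 0200)) -ne 0 ]; then
        echo suid-writable          # setuid fallback, owner write bit still set
    else
        echo suid                   # setuid fallback, read/execute only
    fi
}

# check_dumpcap FILE
#   Reads the real mode and capabilities of FILE and classifies them.
#   Assumes GNU stat; getcap is optional (missing getcap counts as no caps).
check_dumpcap() {
    mode=$(stat -c %a "$1") || return 2
    caps=$(getcap "$1" 2>/dev/null || true)
    privilege_source "$mode" "$caps"
}

# Typical use on an installed system:
#   check_dumpcap /usr/bin/dumpcap
```

With the listings quoted above, mode 4550 (`-r-sr-x---`) classifies as `suid`, 550 (`-r-xr-x---`) as `none`, and 4750 (`-rwsr-x---`) as `suid-writable`.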