GNU bug report logs - #78179
[PATCH 0/4] Add wireshark-service-type with privileged wrapper

Package: guix-patches;

Reported by: Rutherther <rutherther <at> ditigal.xyz>

Date: Thu, 1 May 2025 08:28:01 UTC

Severity: normal

Tags: patch

From: Rutherther <rutherther <at> ditigal.xyz>
To: 78179 <at> debbugs.gnu.org
Cc: Rutherther <rutherther <at> ditigal.xyz>
Subject: [bug#78179] [PATCH 4/4] services: Add wireshark-service-type.
Date: Thu,  1 May 2025 10:29:37 +0200

Adds wireshark service that puts wireshark to the profile and dumpcap to
privileged programs so that any user can use wireshark on the system.

* gnu/services/networking.scm (wireshark-configuration): New variable.
* gnu/services/networking.scm (wireshark-privileged-program): New variable.
* gnu/services/networking.scm (wireshark-service-type): New variable.

Change-Id: Id4b0ce02fecc43592784bf22aaafa83b63c599d4
---
 gnu/services/networking.scm | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 67653e2cbf..cd418f5f16 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -51,6 +51,7 @@ (define-module (gnu services networking)
   #:use-module (gnu system shadow)
   #:use-module (gnu system pam)
   #:use-module ((gnu system file-systems) #:select (file-system-mapping))
+  #:use-module (gnu system privilege)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bash)
@@ -290,7 +291,12 @@ (define-module (gnu services networking)
 
             keepalived-configuration
             keepalived-configuration?
-            keepalived-service-type))
+            keepalived-service-type
+
+            wireshark-configuration
+            wireshark-configuration?
+            wireshark-configuration-wireshark
+            wireshark-service-type))
 
 ;;; Commentary:
 ;;;
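
Review bot: The four names added to the export list here (wireshark-configuration, wireshark-configuration?, wireshark-configuration-wireshark, wireshark-service-type) become public interface, but the diffstat shows this patch touching only gnu/services/networking.scm, so the service ships without a manual entry. Please add a section documenting the service and its single wireshark field, and state there that enabling it installs dumpcap as a privileged program, since that is the part an administrator needs to know before adding it to an operating-system declaration.
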
@@ -2726,4 +2732,31 @@ (define keepalived-service-type
                  "Run @uref{https://www.keepalived.org/, Keepalived}
 routing software.")))
 
+(define-configuration wireshark-configuration
+  (wireshark
+   (file-like wireshark)
+   "wireshark package.")
+  (no-serialization))
+
+(define (wireshark-privileged-programs config)
+  (list
+   (privileged-program
+    (program
+     (file-append (wireshark-configuration-wireshark config) "/privileged/dumpcap"))
+    (capabilities "cap_net_raw,cap_net_admin=eip"))))
+
+(define wireshark-service-type
+  (service-type
+   (name 'wireshark)
+   (extensions
+    (list
+     (service-extension profile-service-type
+                        (compose list wireshark-configuration-wireshark))
+     (service-extension privileged-program-service-type
+                        wireshark-privileged-programs)))
+   (default-value (wireshark-configuration))
+   (description "Run wireshark. https://www.wireshark.org/
+
+All users of the system will be able to run dumpcap without special permissions.")))
+
 ;;; networking.scm ends here
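
Review bot: The privileged-program entry in wireshark-privileged-programs gives dumpcap "cap_net_raw,cap_net_admin=eip" with no restriction on who may execute it, so every local account, including service and unprivileged users, can capture traffic on all interfaces once the service is enabled. The description says as much, but the usual arrangement is to limit dumpcap to members of a dedicated group; if privileged-program can express a group restriction, consider adding a group field to wireshark-configuration and defaulting to it, or otherwise make the exposure explicit in the documentation. Three smaller points in the same hunk: the hard-coded "/privileged/dumpcap" suffix assumes the package in the wireshark field provides that path, so a user-supplied package without it yields a broken privileged program, which deserves a comment or a mention in the field's docstring; the commit log names wireshark-privileged-program while the definition is wireshark-privileged-programs; and the description reads "Run wireshark. https://www.wireshark.org/" although the service starts nothing, so wording such as "Install Wireshark and ..." with the URL in @uref{}, as the keepalived description just above does, would be more accurate. The file-append line also runs past 80 columns.
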
-- 
2.49.0




This bug report was last modified 45 days ago.
