Bug 1022378

Summary: wireshark: harden /usr/sbin/dumpcap capabilities
Product: Red Hat Enterprise Linux 7 Reporter: Florian Weimer <fweimer>
Component: wiresharkAssignee: Peter Hatina <phatina>
Status: CLOSED CURRENTRELEASE QA Contact: Jiri Jaburek <jjaburek>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: huzaifas, jjaburek, ksrot, phatina, rvokal, tsmetana
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: wireshark-1.10.3-2.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1022377 Environment:
Last Closed: 2014-06-13 09:54:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1022377    
Bug Blocks:    

Description Florian Weimer 2013-10-23 07:44:08 UTC 
+++ This bug was initially created as a clone of Bug #1022377 +++

wireshark-1.10.2-8 installs /usr/sbin/dumpcap with capabilities "= cap_net_admin,cap_net_raw+eip".  This should be "= cap_net_admin,cap_net_raw+ep" because these capabilities do not need to be inheritable.
Comment 5 Ludek Smid 2014-06-13 09:54:16 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.