I need to start the local Wireshark from the web user interface of a web service to immediately start a capture session, using some external capture plugin to connect to the web service. When using Firefox, starting Wireshark and then packet capture works. When using Chromium, Wireshark starts but then packet capture fails as /usr/bin/dumpcap seems to be restricted.
- installed Wireshark so that it can be used from non-root users.
- added my user to the wireshark group:
sudo gpasswd -a $USER wireshark
- started wireshark from a bash terminal and successfully started a capture.
Next, I registered a desktop entry (xdg-settings set default-url-scheme-handler xxx xxx.desktop):
[Desktop Entry]
Encoding=UTF-8
Name=Remote Capture URL Handler
Type=Application
Exec=wireshark -k -i xxx -o extcap.xxx.url:%u
MimeType=x-scheme-handler/xxx
Terminal=false
NoDisplay=true
Categories=Utility
Clicking on an xxx:// link correctly starts Wireshark, but then Wireshark cannot start dumpcap:
Couldn't run /usr/bin/dumpcap in child process: Permission denied
Dumpcap has POSIX file capabilities set, but it looks like the Chromium sandboxing might be changing the bounding capabilities?
$ ls -l `which dumpcap`
-rwxr-xr-- 1 root wireshark 121344 Mar 15 18:01 /usr/bin/dumpcap
$ getcap `which dumpcap`
/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip
How can I register my application with Chromium to be correctly started with the user's full rights so that Wireshark is able to run dumpcap?
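An added diagnostic example, not part of the original question: it reads the text of a /proc/<pid>/status file and reports which preconditions for executing dumpcap, as shown in the ls and getcap output above, are not met in the process that launches Wireshark. The function names, the gid 135 and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the original post). Reads /proc/<pid>/status
# text on stdin; $1 is the numeric gid of the wireshark group (assumption: the
# caller looks it up, e.g. with getent).
check_status() (
    want_gid=$1 nnp=0 capbnd=0 groups=
    while read -r key rest; do
        case $key in
            NoNewPrivs:) nnp=$rest ;;
            CapBnd:)     capbnd=$rest ;;
            Groups:)     groups=$rest ;;
        esac
    done
    findings=
    # dumpcap is rwxr-xr-- root:wireshark: "others" have no execute bit,
    # so the calling process must carry the wireshark group.
    case " $groups " in
        *" $want_gid "*) ;;
        *) findings="$findings group-missing" ;;
    esac
    # CAP_NET_ADMIN is bit 12 and CAP_NET_RAW is bit 13: mask 0x3000.
    if [ $(( 0x$capbnd & 0x3000 )) -ne $(( 0x3000 )) ]; then
        findings="$findings bounding-set-lacks-net-caps"
    fi
    # With no_new_privs set, execve() does not grant file capabilities.
    if [ "$nnp" = 1 ]; then
        findings="$findings no-new-privs"
    fi
    findings=${findings# }
    echo "${findings:-ok}"
)

# Constructed sample inputs (not captured from a real system; gid 135 is made up).
sample_terminal()   { printf 'NoNewPrivs:\t0\nCapBnd:\t000001ffffffffff\nGroups:\t4 27 135 1000\n'; }
sample_restricted() { printf 'NoNewPrivs:\t1\nCapBnd:\t0000000000000000\nGroups:\t1000\n'; }

# Live use, from a wrapper script named in the .desktop Exec= line:
#   check_status "$(getent group wireshark | cut -d: -f3)" < /proc/self/status
if [ "${1:-}" = "--demo" ]; then
    sample_terminal   | check_status 135
    sample_restricted | check_status 135
fi
```

Running the check once from the bash terminal and once from a wrapper started by the browser's URL handler shows which of the three conditions differs between the two launch paths.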