[bug#78179,4/4] services: Add wireshark-service-type.

Message ID fb2a6a6760ccd4a99493d5f027aa67caefea943e.1746086472.git.rutherther@ditigal.xyz
State New
Series Add wireshark-service-type with privileged wrapper |

Commit Message

Rutherther May 1, 2025, 8:29 a.m. UTC
  Adds a wireshark service that adds wireshark to the profile and dumpcap to
the privileged programs, so that any user can use wireshark on the system.

* gnu/services/networking.scm (wireshark-configuration): New variable.
* gnu/services/networking.scm (wireshark-privileged-program): New variable.
* gnu/services/networking.scm (wireshark-service-type): New variable.

Change-Id: Id4b0ce02fecc43592784bf22aaafa83b63c599d4
---
 gnu/services/networking.scm | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)
  

Patch

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 67653e2cbf..cd418f5f16 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -51,6 +51,7 @@  (define-module (gnu services networking)
   #:use-module (gnu system shadow)
   #:use-module (gnu system pam)
   #:use-module ((gnu system file-systems) #:select (file-system-mapping))
+  #:use-module (gnu system privilege)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bash)
@@ -290,7 +291,12 @@  (define-module (gnu services networking)
 
             keepalived-configuration
             keepalived-configuration?
-            keepalived-service-type))
+            keepalived-service-type
+
+            wireshark-configuration
+            wireshark-configuration?
+            wireshark-configuration-wireshark
+            wireshark-service-type))
 
 ;;; Commentary:
 ;;;
@@ -2726,4 +2732,31 @@  (define keepalived-service-type
                  "Run @uref{https://www.keepalived.org/, Keepalived}
 routing software.")))
 
+(define-configuration wireshark-configuration
+  (wireshark
+   (file-like wireshark)
+   "wireshark package.")
+  (no-serialization))
+
+(define (wireshark-privileged-programs config)
+  (list
+   (privileged-program
+    (program
+     (file-append (wireshark-configuration-wireshark config) "/privileged/dumpcap"))
+    (capabilities "cap_net_raw,cap_net_admin=eip"))))
+
+(define wireshark-service-type
+  (service-type
+   (name 'wireshark)
+   (extensions
+    (list
+     (service-extension profile-service-type
+                        (compose list wireshark-configuration-wireshark))
+     (service-extension privileged-program-service-type
+                        wireshark-privileged-programs)))
+   (default-value (wireshark-configuration))
+   (description "Run wireshark. https://www.wireshark.org/
+
+All users of the system will be able to run dumpcap without special permissions.")))
+
 ;;; networking.scm ends here
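Review bot: `wireshark-privileged-programs` gives dumpcap `cap_net_raw,cap_net_admin=eip` with no user or group restriction visible in this hunk, so enabling the service lets every local account capture traffic on the host's interfaces and change interface settings. Wireshark's own capture-privileges guidance limits dumpcap to members of a dedicated group; if `privileged-program` can restrict who may execute the installed copy, a configuration field naming that group would be the safer default, but I cannot confirm from this patch that it can. Failing that, the service description should state the exposure plainly instead of "Run wireshark", which also suggests a daemon that this service does not start, for example `(description "Add Wireshark to the system profile and install dumpcap as a privileged program. Any local user can then capture network traffic on this machine.")`. The changelog entry names `wireshark-privileged-program`, while the procedure defined here is `wireshark-privileged-programs`.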