Help configuring Wireshark capabilities

Hi,

After installing Wireshark in Guix, one is unable to use it as the dumpcap executable needs to be given some capabilities using setcap (CaptureSetup/CapturePrivileges - Wireshark Wiki).

Guix provides the privileged programs API to accomplish that. Although all the uses of the record I found were about setting the setuid of the program, not specific capabilities.

I’m trying to do that as part of a home service. The goal being that it could be upstreamed so that guix users can have a working Wireshark out of the box. However I’m having trouble referring to the dumpcap executable in the Wireshark package. Any pointers?

https://git.sr.ht/~puercopop/glue/tree/b7e5215b767e7aee487f7ac0039385a4fe90c67f/item/src/glue/services/wireshark.scm

puercopop@kraken ~/src/glue
$ ./pre-inst-env guix home container src/conf/home-scratch.scm
guix home: error: no target of type 'privileged-program' for service 'wireshark-home-service-type'
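
The post above asks how the privileged-program record expresses capabilities rather than setuid. The following is an added example, not code from the thread or from Guix itself: a fragment for a system (not home) configuration that uses the record's `capabilities` field to give dumpcap the capabilities the Wireshark wiki passes to setcap. The names `dumpcap-capabilities-service` and `dumpcap-capabilities` are hypothetical, and a Guix recent enough to provide `privileged-program-service-type` is assumed.

```scheme
;; Added example, not from the thread: fragment for a system configuration.
(use-modules (gnu)
             (guix gexp)                  ; file-append
             (gnu system privilege)       ; privileged-program record
             (gnu packages networking))   ; wireshark package

;; Hypothetical variable and service names, chosen for illustration.
(define dumpcap-capabilities-service
  (simple-service
   'dumpcap-capabilities
   ;; A system service type, so it is extended from an
   ;; operating-system declaration.
   privileged-program-service-type
   (list (privileged-program
          ;; Refer to the executable inside the package output with a gexp.
          (program (file-append wireshark "/bin/dumpcap"))
          ;; No setuid bit: only these two capabilities are granted.
          ;; cap_from_text(3) syntax, the same string setcap accepts.
          (capabilities "cap_net_raw,cap_net_admin+eip")))))

;; In the operating-system declaration:
;;   (services (cons dumpcap-capabilities-service %base-services))
```

The privileged copy is installed under /run/privileged/bin, not in the store; whether Wireshark then uses that copy instead of the dumpcap next to its own binary is not addressed by this fragment.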

Unfortunately I don’t have a pointer for you in regards to the privileged programs API; instead, I found this mailing discussion reply from Ludovic, which implies that one should prefer to one-shot run wireshark as sudo from the command line, rather than go through setuid which could weaken overall security: Re: Running Wireshark as non-root

Unfortunately for me, I get “could not connect to display” errors even when trying to do that under Sway. It seems like the package doesn’t just work out of the box straightforwardly.

Wireshark working under sway as non-root (or even as root…) is one of the few things that eludes me after half a year of trying Guix out casually.

1 Like

> Unfortunately for me, I get “could not connect to display” errors even when trying to do that under Sway.

Use sudo -E guix shell wireshark -- wireshark (-E is to preserve environment, as otherwise the context wireshark is run in has no knowledge of the display env variable, hence the error) or better, add the display variable to env_keep in your /etc/sudoers file (if I don’t forget, I’ll provide a configuration example for this tomorrow).

5 Likes