selinux wireshark

Just wondering if anyone knows how to configure selinux to allow wireshark. It seems one must set labels for all the wireshark related files, but I am not sure which files they are. I have already set /usr/bin/dumpcap. Maybe I have to do that for each network device as well?

I have looked at all the permissions and am sure it's not a DAC problem.

I am using Fedora Silverblue 34.

I will probably install Kali Linux, but it would be good to learn some selinux anyway.

If someone could point me towards a decent tutorial, that would be handy.

Thanks in advance :+)

Various edits.
Haven't used Fedora.

Doesn't the wireshark package have a proper selinux-policy?

One can temporarily set selinux into permissive mode: setenforce 0
In permissive mode selinux logs all events but does not block them.
That way you get all wireshark events, not just the first one that stops wireshark.

audit2why < /var/log/audit/audit.log

lists the events in more human-readable format.
https://fedoraproject.org/wiki/SELinux/audit2why

audit2allow creates rules from logs:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-fixing_problems-allowing_access_audit2allow
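The workflow above (switch to permissive mode, collect every denial, then run audit2why / audit2allow over the log) is easier to reason about if you first see what was denied, by which process, in which source domain. The script below is an added example, not from this thread and not part of the SELinux tools; it summarises AVC denial records from an audit log with plain awk so the result of a permissive-mode run can be reviewed before any rules are generated. The audit-log lines, the wireshark_t domain, the pids and inode numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials collected during a permissive run.
# Constructed sample of /var/log/audit/audit.log (not captured from a real host).
AUDIT_SAMPLE=$(mktemp)
trap 'rm -f "$AUDIT_SAMPLE"' EXIT
cat > "$AUDIT_SAMPLE" <<'EOF'
type=AVC msg=audit(1622540000.123:456): avc:  denied  { net_raw } for  pid=4242 comm="dumpcap" capability=13  scontext=system_u:system_r:wireshark_t:s0 tcontext=system_u:system_r:wireshark_t:s0 tclass=capability permissive=1
type=SYSCALL msg=audit(1622540000.123:456): arch=c000003e syscall=41 success=yes exit=3 pid=4242 comm="dumpcap" exe="/usr/bin/dumpcap" subj=system_u:system_r:wireshark_t:s0 key=(null)
type=AVC msg=audit(1622540000.124:457): avc:  denied  { create bind } for  pid=4242 comm="dumpcap" scontext=system_u:system_r:wireshark_t:s0 tcontext=system_u:system_r:wireshark_t:s0 tclass=packet_socket permissive=1
type=AVC msg=audit(1622540001.001:458): avc:  denied  { read } for  pid=4242 comm="dumpcap" name="eth0" dev="sysfs" ino=9001 scontext=system_u:system_r:wireshark_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1622540002.500:459): avc:  denied  { read } for  pid=4243 comm="wireshark" name="manuf" dev="dm-0" ino=12345 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
EOF

# Print one line per AVC denial: command, source domain (third field of
# scontext), target class, and the permissions listed inside { ... }.
avc_denials() {
    awk '/type=AVC/ && /avc:  denied/ {
        comm = ""; tclass = ""; sdom = ""; perms = "";
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2);
            gsub(/^ +| +$/, "", perms);
        }
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=");
            if (kv[1] == "comm")     { comm = kv[2]; gsub(/"/, "", comm) }
            if (kv[1] == "tclass")   tclass = kv[2];
            if (kv[1] == "scontext") { split(kv[2], ctx, ":"); sdom = ctx[3] }
        }
        printf "%s %s %s %s\n", comm, sdom, tclass, perms;
    }' "$1"
}

# Number of AVC denials in the log (SYSCALL and other record types are ignored).
count_denials() {
    avc_denials "$1" | wc -l | tr -d ' '
}

# Distinct target classes that were denied, space separated and sorted.
distinct_classes() {
    avc_denials "$1" | awk '{ print $3 }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Denials grouped by source domain: a denial in unconfined_t usually means the
# process never transitioned into its own domain, which is a labelling problem
# rather than a missing allow rule.
denials_by_domain() {
    avc_denials "$1" | awk '{ c[$2]++ } END { for (d in c) printf "%s %d\n", d, c[d] }' | sort
}

echo "AVC denials in sample log:"
avc_denials "$AUDIT_SAMPLE"
echo "By source domain:"
denials_by_domain "$AUDIT_SAMPLE"

# On a real host the next steps are the ones from the post above:
#   audit2why < /var/log/audit/audit.log
#   audit2allow -a -M local_wireshark   # writes local_wireshark.te and .pp
# Read the generated .te file before loading it with semodule -i: audit2allow
# permits everything it saw in the log, so a broad rule for the wrong domain
# (for example unconfined_t) weakens the policy instead of fixing the label.
```

The grouping by source domain is the check worth doing first: if the denials show dumpcap running in a generic domain instead of a dedicated one, the fix is the file label on /usr/bin/dumpcap (so the domain transition happens), not an allow rule, and audit2allow will not tell you that.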
Hi,

Sorry for the super late reply, and thanks for your reply @keskiverto .

It seems there is quite a bit of difficulty with wireshark on Silverblue OS, mainly due to it not doing any configuration at all for DAC or SELinux.

I have since installed the Kali distribution and it is all working swimmingly now :+)