From 8a0725cd013564500af985c728c1589ae9eb47f7 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Sun, 3 Sep 2017 21:34:07 +0200
Subject: tighten capability sets

---
 etc/wireshark.profile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'etc/wireshark.profile')

diff --git a/etc/wireshark.profile b/etc/wireshark.profile
index 57f4f2f5b..7504d0b9c 100644
--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -12,7 +12,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-# caps.drop all
+caps.keep net_admin,net_raw
 netfilter
 no3d
 # nogroups - breaks unprivileged wireshark usage
@@ -21,6 +21,7 @@ no3d
 nodvd
 nosound
 notv
+novideo
 # protocol unix,inet,inet6,netlink
 # seccomp - breaks unprivileged wireshark usage
 shell none
-- 
cgit v1.2.3-70-g09d2