[Fedora Sway Atomic] Improper group for dumpcap (wireshark-cli)

Hello,

To be more accurate, I’m using a BlueBuild custom image based off Fedora Sway Atomic.

I added the wireshark-cli package to my image. However, the dumpcap program, provided by wireshark-cli, instead of being owned by the group wireshark, is owned by usbmon.

This does not sound correct to me. This also prevents me from using tshark without being a member of the usbmon group, which I think is not intended.

Can someone confirm this is an issue in the wireshark-cli package provided by Fedora?

Thank you

1 Like

This is probably caused by the package's preinstall script:

$ rpm -q --scripts wireshark-cli
preinstall scriptlet (using /bin/sh):

# generated from wireshark.sysusers
getent group 'wireshark' >/dev/null || groupadd -r 'wireshark' || :
getent group 'usbmon' >/dev/null || groupadd -r 'usbmon' || :
postinstall scriptlet (using /bin/sh):

# skip triggering if udevd isn't even accessible, e.g. containers or
# rpm-ostree-based systems
if [ -S /run/udev/control ]; then
    /usr/bin/udevadm trigger --subsystem-match=usbmon || :
fi

2 Likes

This rpm -q --scripts <package> command is nice.
I filed a bug report: 2403092 – Improper group for dumpcap: usbmon instead of wireshark
I included your observation in the bug report. Thank you!

This looks fully like a packaging issue to me, unrelated to how it is installed.

1 Like
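
One way to check whether the wrong group comes from the package itself or from how the image was built, as an added example that is not part of the thread or of the Fedora package: compare the group recorded in the RPM header for each file with the group actually on disk. The function names `check_groups` and `check_package` are hypothetical; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: compare the file group recorded in the RPM header with the
# group found on disk.
#
# check_groups reads lines of "<group> <path>" on stdin, the format produced by
#   rpm -q --qf '[%{FILEGROUPNAME} %{FILENAMES}\n]' <package>
# It prints one line per mismatch and returns 1 if any file differs, else 0.
check_groups() {
    rc=0
    while read -r want path; do
        [ -n "$path" ] || continue          # ignore blank or malformed lines
        [ -e "$path" ] || continue          # ignore files that are not installed
        have=$(stat -c %G "$path")          # group name as resolved on this system
        if [ "$have" != "$want" ]; then
            printf 'MISMATCH %s: header=%s disk=%s\n' "$path" "$want" "$have"
            rc=1
        fi
    done
    return "$rc"
}

# check_package <name>: run the comparison for an installed package.
# If the header itself lists usbmon for /usr/bin/dumpcap, the group is set by
# the package. If the header lists wireshark and the disk shows usbmon, the
# difference was introduced at install or image-build time.
check_package() {
    rpm -q --qf '[%{FILEGROUPNAME} %{FILENAMES}\n]' "$1" | check_groups
}
```

Run `check_package wireshark-cli` on the affected system; `rpm -V wireshark-cli` reports the same kind of difference with a `G` in its output.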