wireshark: build with libcap (POSIX capabilities)

This makes running wireshark (or more specifically, dumpcap) as root a
bit more secure. From <wireshark-1.11.2>/doc/README.packaging:

  The "--with-libcap" option is only useful when dumpcap is installed
  setuid. If it is enabled dumpcap will try to drop any setuid privileges
  it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW
  capabilities. It is enabled by default, if the Linux capabilities
  library (on which it depends) is found.

1 files changed, 2 insertions, 1 deletions

diff --git a/pkgs/applications/networking/sniffers/wireshark/default.nix b/pkgs/applications/networking/sniffers/wireshark/default.nix
index 256681ec54e2..37a75e437ad3 100644
--- a/pkgs/applications/networking/sniffers/wireshark/default.nix
+++ b/pkgs/applications/networking/sniffers/wireshark/default.nix
@@ -1,5 +1,6 @@
 { stdenv, fetchurl, pkgconfig, perl, flex, bison, libpcap, libnl, c-ares
 , gnutls, libgcrypt, geoip, heimdal, lua5, gtk, makeDesktopItem, python
+, libcap
 }:
 
 let version = "1.11.2"; in
@@ -14,7 +15,7 @@ stdenv.mkDerivation {
 
   buildInputs = [
     bison flex perl pkgconfig libpcap lua5 heimdal libgcrypt gnutls
-    geoip libnl c-ares gtk python
+    geoip libnl c-ares gtk python libcap
   ];
 
   preConfigure = ''