setuid tshark prevents deployment (mkSetcapProgram related) #745

Closed
teto opened this issue Oct 24, 2017 · 2 comments

@teto
Member

teto commented Oct 24, 2017

I want to use tshark (CLI version of wireshark) to capture traffic from my VMs. Up until now, I had this wireshark warning:

+ tshark -n -w server.pcap -q
Running as user "root" and group "root". This could be dangerous.
tshark: Lua: Error during loading:
 [string "/nix/store/xa9aq2l4a2phhrrb4dyyxclszmywzh1z-w..."]:44: dofile has been disabled due to running Wireshark as superuser. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.

So I decided to get rid of the warning by adding this to my VM config:

  programs.wireshark.enable = true; # installs setuid
  programs.wireshark.package = pkgs.wireshark; # which one

But then when I try to deploy the VM, I get:

building all machine configurations...
error: while evaluating the attribute ‘buildCommand’ of the derivation ‘nixops-machines’ at /home/teto/nixpkgs/pkgs/stdenv/generic/make-derivation.nix:98:11:
while evaluating anonymous function at /home/teto/nixops/nix/eval-machine-info.nix:346:46, called from /home/teto/nixpkgs/lib/attrsets.nix:199:52:
while evaluating the attribute ‘activationScript’ of the derivation ‘nixos-system-client-18.03.git.66f3bf6’ at /home/teto/nixpkgs/pkgs/stdenv/generic/make-derivation.nix:98:11:
while evaluating the attribute ‘system.activationScripts.script’ at /home/teto/nixpkgs/nixos/modules/system/activation/activation-script.nix:62:9:
while evaluating ‘textClosureMap’ at /home/teto/nixpkgs/lib/strings-with-deps.nix:70:35, called from /home/teto/nixpkgs/nixos/modules/system/activation/activation-script.nix:83:18:
while evaluating ‘id’ at /home/teto/nixpkgs/lib/trivial.nix:9:8, called from undefined position:
while evaluating the attribute ‘text’ at /home/teto/nixpkgs/nixos/modules/system/activation/activation-script.nix:9:5:
while evaluating the attribute ‘text’ at /home/teto/nixpkgs/lib/strings-with-deps.nix:77:38:
while evaluating anonymous function at /home/teto/nixpkgs/nixos/modules/security/wrappers/default.nix:77:8, called from undefined position:
while evaluating ‘mkSetcapProgram’ at /home/teto/nixpkgs/nixos/modules/security/wrappers/default.nix:27:5, called from /home/teto/nixpkgs/nixos/modules/security/wrappers/default.nix:78:16:
assertion failed at /home/teto/nixpkgs/nixos/modules/security/wrappers/default.nix:35:5
error: unable to build all machine configurations

@bjornfor
Contributor

That assertion (line 2 from the bottom) seems to indicate you have too old a kernel:

    assert (lib.versionAtLeast (lib.getVersion config.boot.kernelPackages.kernel) "4.3");

(Hm, it'd be nice if asserts could print out their condition upon failure.)

@teto
Member Author

teto commented Oct 24, 2017

Oh, my bad, I should have checked the assert line. My host kernel is recent, but it's very possible the VMs use an old one (hopefully it will change with NixOS/nixpkgs#29226).

> (Hm, it'd be nice if asserts could print out their condition upon failure.)

Definitely.

Closing this, thanks.
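
One way to get a readable failure for the kernel requirement discussed in this thread, shown as an added example that is not part of the thread or of nixpkgs: a NixOS module that states the same version check through the `assertions` option, which carries a message. The names `minKernel` and `capWrappers` are illustrative, and treating a non-empty `capabilities` attribute as the trigger is an assumption about how capability wrappers are selected.

```nix
# Added example, not code from nixpkgs or nixops.
# Import this module from each machine's configuration.
{ config, lib, ... }:

let
  # Same expression the failing assert in
  # nixos/modules/security/wrappers/default.nix evaluates.
  kernelVersion = lib.getVersion config.boot.kernelPackages.kernel;

  # Minimum version taken from the assert quoted in the thread.
  minKernel = "4.3";

  # Assumption: wrappers with a non-empty `capabilities` attribute are the
  # ones that need the newer kernel (e.g. the one programs.wireshark adds).
  capWrappers = lib.attrNames
    (lib.filterAttrs (_: w: (w.capabilities or "") != "")
      config.security.wrappers);
in
{
  assertions = [
    {
      # Passes when no capability wrapper is configured, or when the
      # machine's configured kernel is new enough.
      assertion =
        capWrappers == [ ] || lib.versionAtLeast kernelVersion minKernel;

      # Names the machine, the kernel it is configured with, and the
      # wrappers that triggered the check.
      message = ''
        Machine "${config.networking.hostName}" is configured with kernel
        ${kernelVersion}, but these security.wrappers entries request
        capabilities and need kernel >= ${minKernel}:
        ${lib.concatStringsSep ", " capWrappers}
      '';
    }
  ];
}
```

The check reads the kernel from the machine's own `boot.kernelPackages`, so it reports the VM's configured kernel rather than the host's.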
