[nft] src: report EPERM for non-root users

Message ID 20201203124423.14137-1-pablo@netfilter.org
State Accepted
Delegated to: Pablo Neira
Series [nft] src: report EPERM for non-root users

Commit Message

Pablo Neira Ayuso Dec. 3, 2020, 12:44 p.m. UTC
$ /usr/sbin/nft list ruleset
Operation not permitted (you must be root)

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1372
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/libnftables.c | 7 ++++++-
 src/netlink.c     | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

Comments

Arturo Borrero Gonzalez Dec. 3, 2020, 1:14 p.m. UTC | #1
On 12/3/20 1:44 PM, Pablo Neira Ayuso wrote:
> $ /usr/sbin/nft list ruleset
> Operation not permitted (you must be root)
> 
> Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1372
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
>   src/libnftables.c | 7 ++++++-
>   src/netlink.c     | 2 +-
>   2 files changed, 7 insertions(+), 2 deletions(-)
> 

Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org>

Patch

diff --git a/src/libnftables.c b/src/libnftables.c
index a180a9a30b3d..044365914747 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -463,8 +463,13 @@  int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
 	parser_rc = rc;
 
 	rc = nft_evaluate(nft, &msgs, &cmds);
-	if (rc < 0)
+	if (rc < 0) {
+		if (errno == EPERM) {
+			fprintf(stderr, "%s (you must be root)\n",
+				strerror(errno));
+		}
 		goto err;
+	}
 
 	if (parser_rc) {
 		rc = parser_rc;
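
Review bot: the `errno == EPERM` test in the new `if (rc < 0)` block reads errno only after nft_evaluate() has returned, so it depends on no later call having overwritten it and on errno not holding a stale EPERM when nft_evaluate() fails for a different reason. Consider setting errno to 0 before the call, or carrying the error code back through rc. The message is also written with `fprintf(stderr, ...)` from a library entry point that takes a `struct nft_ctx`, so a caller that collects errors elsewhere will not capture it. The wording "you must be root" is narrower than what EPERM means here: a process holding CAP_NET_ADMIN does not need uid 0, and uid 0 without that capability (for example in a restricted container) still gets EPERM. Something like "insufficient privileges" would avoid pointing users at running everything as root.
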
diff --git a/src/netlink.c b/src/netlink.c
index f8ac2b9e3665..2ea2d4457664 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -635,7 +635,7 @@  int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h)
 		if (errno == EINTR)
 			return -1;
 
-		return 0;
+		return -1;
 	}
 
 	ctx->data = h;
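
Review bot: with `return 0` changed to `return -1`, the `if (errno == EINTR) return -1;` check just above it becomes redundant, since both paths in this error branch now return the same value. Either drop the check or add a comment saying why it stays. This also turns every failure in the branch into an error for the caller, not only EPERM, while the libnftables.c hunk prints a message only for EPERM. It is worth confirming that the other errno values previously swallowed here still produce a diagnostic instead of a silent non-zero exit.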